
login: add a check for a post-condition when exporting the environment
Closed, Public

Authored by pfg on Oct 27 2020, 4:29 AM.
Referenced Files
F106106571: D26966.diff

Details

Summary

FreeBSD's login code is used as an example case in the "Principles of Secure
Coding" Coursera course. While FreeBSD correctly checks for wrong
preconditions, it could also check for the setenv post-condition.

It is clear that setenv(3) will not fail; however, it wouldn't hurt to make sure
the return value matches our expectations.

Credit for this change is due to Matthew Bishop, PhD

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint: Not Applicable
Unit Tests: Not Applicable

Event Timeline

pfg requested review of this revision. Oct 27 2020, 4:30 AM
pfg retitled this revision from "login: add a check for a precondition when exporting the environment" to "login: add a check for a post-condition when exporting the environment". Dec 19 2020, 2:01 AM
This revision was not accepted when it landed; it landed in state Needs Review. Dec 19 2020, 2:24 AM
This revision was automatically updated to reflect the committed changes.

Looks like export is only ever used in export_pam_environment(), where its return value is ignored.

> Looks like export is only ever used in export_pam_environment(), where its return value is ignored.

Yes, I see :-/
So the change is useless, as are the checks for the pre-conditions.

It was really nice to see FreeBSD mentioned in a software security course though.

head/usr.bin/login/login.c:810

This is actually -1: 1 is never returned by setenv(3).

In D26966#618727, @pfg wrote:

> > Looks like export is only ever used in export_pam_environment(), where its return value is ignored.
>
> Yes, I see :-/
> So the change is useless, as are the checks for the pre-conditions.
>
> It was really nice to see FreeBSD mentioned in a software security course though.

Preconditions are actually useful in that we do NOT set LD_* or other forbidden variables.
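The two checks this review is about, as an added example that is not FreeBSD's login.c code: an export()-style helper that enforces the precondition (refuse LD_* and a few other names an untrusted PAM environment must not control), checks the setenv(3) post-condition (the return value is 0 on success or -1 on failure, never 1), and a caller that, unlike the situation noted above, actually looks at the return value. The forbidden list, the function names (env_name_allowed, export_pair, export_env_list) and the sample environment list are assumptions made for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Added example, not FreeBSD's login.c.  The forbidden list below is an
 * assumption: names an untrusted environment source must never set.
 */
static const char *const forbidden_prefixes[] = { "LD_", NULL };
static const char *const forbidden_names[] = {
	"SHELL", "HOME", "LOGNAME", "MAIL", "PATH", "USER", "IFS", NULL
};

/* Precondition: 1 if NAME may be exported, 0 if it is forbidden. */
int
env_name_allowed(const char *name)
{
	size_t i;

	for (i = 0; forbidden_prefixes[i] != NULL; i++)
		if (strncmp(name, forbidden_prefixes[i],
		    strlen(forbidden_prefixes[i])) == 0)
			return (0);
	for (i = 0; forbidden_names[i] != NULL; i++)
		if (strcmp(name, forbidden_names[i]) == 0)
			return (0);
	return (1);
}

/*
 * Export one "NAME=VALUE" pair.  Returns 0 on success, -1 on failure with
 * errno set: EINVAL for a malformed pair, ENAMETOOLONG for an oversized
 * name, EPERM when the precondition rejects the name, or whatever
 * setenv(3) left in errno.
 */
int
export_pair(const char *pair)
{
	char name[256];
	const char *eq;
	size_t namelen;
	int rc;

	eq = strchr(pair, '=');
	if (eq == NULL || eq == pair) {
		errno = EINVAL;
		return (-1);
	}
	namelen = (size_t)(eq - pair);
	if (namelen >= sizeof(name)) {
		errno = ENAMETOOLONG;
		return (-1);
	}
	memcpy(name, pair, namelen);
	name[namelen] = '\0';

	if (!env_name_allowed(name)) {
		errno = EPERM;		/* precondition failed */
		return (-1);
	}

	rc = setenv(name, eq + 1, 1);
	if (rc != 0 && rc != -1)	/* post-condition: setenv(3) is 0 or -1 */
		abort();		/* libc contract violated; stop here */
	return (rc);
}

/*
 * Export a NULL-terminated list of pairs the way a PAM environment would be
 * handed over.  Rejected pairs are counted in *rejected and skipped; a real
 * setenv(3) failure (typically ENOMEM) stops the loop and returns -1.
 */
int
export_env_list(const char *const *pairs, int *rejected)
{
	size_t i;

	*rejected = 0;
	for (i = 0; pairs[i] != NULL; i++) {
		if (export_pair(pairs[i]) == 0)
			continue;
		if (errno == EPERM || errno == EINVAL || errno == ENAMETOOLONG) {
			(*rejected)++;
			continue;
		}
		return (-1);
	}
	return (0);
}

int
main(void)
{
	/* Constructed sample of what a PAM module might hand back. */
	static const char *const pam_env[] = {
		"TZ=UTC",
		"LD_PRELOAD=/tmp/evil.so",	/* rejected by the precondition */
		"PATH=/tmp:/bin",		/* rejected by the precondition */
		"KRB5CCNAME=FILE:/tmp/krb5cc_1001",
		NULL
	};
	int rejected;

	if (export_env_list(pam_env, &rejected) != 0) {
		perror("setenv");
		return (1);
	}
	printf("%d pair(s) rejected; TZ=%s LD_PRELOAD=%s\n", rejected,
	    getenv("TZ"), getenv("LD_PRELOAD") ? getenv("LD_PRELOAD") : "(unset)");
	return (0);
}
```

The point of export_env_list() is that a precondition rejection and a setenv(3) failure are different outcomes: the first is expected from untrusted input and is skipped, the second means the process is in trouble and the caller is told so rather than the result being dropped on the floor.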