F106101709
D30834.diff
Size
983 B
diff --git a/sys/conf/options b/sys/conf/options
--- a/sys/conf/options
+++ b/sys/conf/options
@@ -1021,3 +1021,11 @@
IICHID_SAMPLING opt_hid.h
HKBD_DFLT_KEYMAP opt_hkbd.h
HIDRAW_MAKE_UHID_ALIAS opt_hid.h
+
+# kenv options
+# The early kernel environment (loader environment, config(8)-provided static)
+# is typically cleared after the dynamic environment comes up to ensure that
+# we're not inadvertently holding on to 'secret' values in these stale envs.
+# This option is insecure except in controlled environments where the static
+# environment's contents are known to be safe.
+PRESERVE_EARLY_KENV opt_global.h
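Review bot: the comment block above `PRESERVE_EARLY_KENV` explains why the early environment is normally cleared but never states what enabling the option does, so a reader has to infer that it skips the clearing. Suggest adding a sentence saying that defining the option leaves the loader-provided and static environments in memory after the dynamic environment comes up. The option is also placed in `opt_global.h` while the only consumer in this diff is `kern_environment.c`; if no other consumer is planned, a dedicated opt header included from that file would keep the knob local to the code it affects.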
diff --git a/sys/kern/kern_environment.c b/sys/kern/kern_environment.c
--- a/sys/kern/kern_environment.c
+++ b/sys/kern/kern_environment.c
@@ -365,7 +365,11 @@
kenvp[i] = malloc(len, M_KENV, M_WAITOK);
strcpy(kenvp[i++], cp);
sanitize:
+#ifdef PRESERVE_EARLY_KENV
+ continue;
+#else
explicit_bzero(cp, len - 1);
+#endif
}
*curpos = i;
}
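Review bot: under `#ifdef PRESERVE_EARLY_KENV` the `continue;` placed after `sanitize:` is the last statement before the closing brace, so it only serves to give the label a statement, and it obscures that every path reaching `sanitize:` (the fall-through after `strcpy` as well as any jump to the label) now leaves `cp` uncleared. Suggest keeping one code path by wrapping only `explicit_bzero(cp, len - 1);` in `#ifndef PRESERVE_EARLY_KENV` and leaving an empty statement after the label. A short comment at this site pointing to the rationale in sys/conf/options would also help, since this is the spot where the clearing of potentially secret values is disabled.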
Attached To
D30834: kern: add an option for preserving the early kenv