Page MenuHomeFreeBSD

D30834.diff
No OneTemporary

D30834.diff

diff --git a/sys/conf/options b/sys/conf/options
--- a/sys/conf/options
+++ b/sys/conf/options
@@ -1021,3 +1021,11 @@
IICHID_SAMPLING opt_hid.h
HKBD_DFLT_KEYMAP opt_hkbd.h
HIDRAW_MAKE_UHID_ALIAS opt_hid.h
+
+# kenv options
+# The early kernel environment (loader environment, config(8)-provided static)
+# is typically cleared after the dynamic environment comes up to ensure that
+# we're not inadvertently holding on to 'secret' values in these stale envs.
+# This option is insecure except in controlled environments where the static
+# environment's contents are known to be safe.
+PRESERVE_EARLY_KENV opt_global.h
diff --git a/sys/kern/kern_environment.c b/sys/kern/kern_environment.c
--- a/sys/kern/kern_environment.c
+++ b/sys/kern/kern_environment.c
@@ -365,7 +365,11 @@
kenvp[i] = malloc(len, M_KENV, M_WAITOK);
strcpy(kenvp[i++], cp);
sanitize:
+#ifdef PRESERVE_EARLY_KENV
+ continue;
+#else
explicit_bzero(cp, len - 1);
+#endif
}
*curpos = i;
}

File Metadata

Mime Type
text/plain
Expires
Thu, Dec 26, 10:30 AM (12 h, 17 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
15603847
Default Alt Text
D30834.diff (983 B)

Event Timeline