So, right now you grab environment information from the binaries, but you
could also instrument libc (and others) to report on their use of
getenv/etc to some logging mechanism, and then attempt to exploit the ones
used. This would help you in situations (that might exist) where the
program uses variable string pointers to call getenv.
Also, with the fts_ stuff a while, back, that raises the issue of long
filenames as a potential source of suffering. Not sure how easy that
would be to test, but really suggests a libc test harness (or syscall test
harness) that causes unpleasentness for processes running in it.
Robert N M Watson
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
To Unsubscribe: send mail to majo...@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message