Date:      Thu, 7 Sep 2000 10:12:11 +0200 (MET DST)
From:      "Vladimir Mencl, MK, susSED" <mencl@nenya.ms.mff.cuni.cz>
To:        Kris Kennaway <kris@FreeBSD.ORG>
Cc:        Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, freebsd-security@FreeBSD.ORG, security-officer@FreeBSD.ORG
Subject:   Re: UNIX locale format string vulnerability (fwd)
Message-ID:  <Pine.GSO.4.10.10009071007410.11627-100000@nenya.ms.mff.cuni.cz>
In-Reply-To: <Pine.BSF.4.21.0009051020390.17724-100000@freefall.freebsd.org>

On Tue, 5 Sep 2000, Kris Kennaway wrote:

> On Tue, 5 Sep 2000, Cy Schubert - ITSD Open Systems Group wrote:
> 
> > Wouldn't a FreeBSD system with Linux compatibility being utilised be 
> > vulnerable too?
> 
> Yes, but only if you've installed a vulnerable linux binary which is
> setuid or setgid something. We don't install any set[ug]id binaries in the
> linux_base or linux_devtools ports.
> 
> Kris

However, I think that FreeBSD is vulnerable with the sudo port
installed.

Although sudo discards some dangerous environment variables (LD_LIBRARY_PATH),
it does pass the LC_ALL and PATH_LOCALE variables through.

Therefore, I believe that any user allowed to use sudo to execute a
program with elevated privileges can potentially exploit this
vulnerability.

So, at least a port security advisory should be issued, and possibly the
sudo port patched to discard locale-specific environment variables.

		Best regards

			Vladimir Mencl
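
The mitigation proposed in the message above (discarding locale-specific environment variables before running a program with elevated privileges), sketched as an added example; this is not code from the original message or from sudo. The function names, the sample environment, and the inclusion of LANG, LANGUAGE and NLSPATH in the deny-list are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Deny-list. LC_*, PATH_LOCALE and LD_* come from the message above;
 * LANG, LANGUAGE and NLSPATH are this example's own assumption. */
static const char *const drop_exact[] = { "LANG", "LANGUAGE", "NLSPATH", "PATH_LOCALE", NULL };
static const char *const drop_prefix[] = { "LC_", "LD_", NULL };

/* Constructed sample environment, as a caller might set it before invoking a privileged helper. */
char *const sample_env[] = {
    "PATH=/usr/bin:/bin", "LC_ALL=xx_XX", "PATH_LOCALE=/tmp/locale",
    "LD_LIBRARY_PATH=/tmp/lib", "TERM=vt100", "LANG=C", NULL
};

/* Return 1 if the "NAME=value" entry must not reach the privileged program. */
static int env_is_unsafe(const char *entry)
{
    const char *eq = strchr(entry, '=');
    size_t i, nlen;
    if (eq == NULL || eq == entry)
        return 1;                        /* malformed entry: drop it */
    nlen = (size_t)(eq - entry);
    for (i = 0; drop_exact[i] != NULL; i++)
        if (strlen(drop_exact[i]) == nlen && strncmp(entry, drop_exact[i], nlen) == 0)
            return 1;                    /* whole name matches */
    for (i = 0; drop_prefix[i] != NULL; i++)
        if (strncmp(entry, drop_prefix[i], strlen(drop_prefix[i])) == 0)
            return 1;                    /* name starts with a denied prefix */
    return 0;
}

/* Build a new NULL-terminated environment holding only the safe entries.
 * The caller hands the result to execve() and frees the array (not the strings). */
char **scrub_env(char *const envp[], size_t *dropped)
{
    size_t n = 0, kept = 0, i;
    char **out;
    while (envp[n] != NULL)
        n++;
    out = calloc(n + 1, sizeof(*out));
    if (out == NULL)
        return NULL;
    *dropped = 0;
    for (i = 0; i < n; i++) {
        if (env_is_unsafe(envp[i])) (*dropped)++;
        else out[kept++] = envp[i];
    }
    out[kept] = NULL;
    return out;
}
```

A deny-list like this only covers the variables someone thought to name; building the child's environment from an explicit allow-list fails closed when a new dangerous variable appears.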


