From owner-freebsd-security  Thu Sep  7  1:49:52 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ns1.sunesi.net (ns1.sunesi.net [196.15.192.194])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6216537B422; Thu,  7 Sep 2000 01:49:47 -0700 (PDT)
Received: from nbm by ns1.sunesi.net with local (Exim 3.03 #1)
	id 13WxN8-0009rM-00; Thu, 07 Sep 2000 10:49:26 +0200
Date: Thu, 7 Sep 2000 10:49:26 +0200
From: Neil Blakey-Milner <nbm@mithrandr.moria.org>
To: "Vladimir Mencl, MK, susSED" <mencl@nenya.ms.mff.cuni.cz>
Cc: Kris Kennaway <kris@FreeBSD.ORG>,
	Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>,
	freebsd-security@FreeBSD.ORG, security-officer@FreeBSD.ORG
Subject: Re: UNIX locale format string vulnerability (fwd)
Message-ID: <20000907104925.A37872@mithrandr.moria.org>
References: <Pine.BSF.4.21.0009051020390.17724-100000@freefall.freebsd.org> <Pine.GSO.4.10.10009071007410.11627-100000@nenya.ms.mff.cuni.cz>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <Pine.GSO.4.10.10009071007410.11627-100000@nenya.ms.mff.cuni.cz>; from mencl@nenya.ms.mff.cuni.cz on Thu, Sep 07, 2000 at 10:12:11AM +0200
Organization: Sunesi Clinical Systems
X-Operating-System: FreeBSD 3.3-RELEASE i386
X-URL: http://rucus.ru.ac.za/~nbm/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu 2000-09-07 (10:12), Vladimir Mencl, MK, susSED wrote:
> > > Wouldn't a FreeBSD system with Linux compatibility being utilised be 
> > > vulnerable too?
> > 
> > Yes, but only if you've installed a vulnerable linux binary which is
> > setuid or setgid something. We don't install any set[ug]id binaries in the
> > linux_base or linux_devtools ports.
> > 
> > Kris
> 
> However, I think that FreeBSD is vulnerable with the sudo port
> installed.
> 
> Although sudo discards some dangerous environment variables (LD_LIBRARY_PATH)
> it does pass the LC_ALL, PATH_LOCALE variables through.
> 
> Therefore, I belive, that any user allowed to use sudo to execute a
> program with elevated privileges, can potentially exploit this
> vulnerability.
> 
> So, at least a port security advisory should be issued, and possibly the
> sudo port patched to discard locale-specific environment variables.

Why would someone install the sudo RedHat package on FreeBSD?

Neil
-- 
Neil Blakey-Milner
Sunesi Clinical Systems
nbm@mithrandr.moria.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message