From owner-freebsd-security@FreeBSD.ORG Tue Dec 1 09:01:10 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8CAD2106568D; Tue, 1 Dec 2009 09:01:10 +0000 (UTC) (envelope-from leccine@gmail.com) Received: from mail-bw0-f213.google.com (mail-bw0-f213.google.com [209.85.218.213]) by mx1.freebsd.org (Postfix) with ESMTP id DA7BB8FC1B; Tue, 1 Dec 2009 09:01:09 +0000 (UTC) Received: by bwz5 with SMTP id 5so3258597bwz.3 for ; Tue, 01 Dec 2009 01:01:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=cJj/wb54qCXOOxJjtqYXiJKX2nzpGKIvWzzIJmcL7zU=; b=xupaaqseiVtX9JJP4C3sAHO1weeYnTnO7qfNg5N9oF+jRL6LaF5LnD6IxhBnCivvAa ryFO7+5k+3+GfhruMzfDawg5Xyn9KoQK+W5TcKSOAuipL87CiVlCPAhlfUH4kppOkSEv sbQAovjkXP99CT4zY0ilgz+wJ/lRMn/DD33bg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=Kd3AofPSnZ7sYI7K+tJqeIeklVzfnsn7gm5Vd5boNDxfhITb/UWVBjTYZL8zXXbdfT UjJ5XH/vrdAbIgrk5R2C1Kw9mXKDZZt0HBAjDjy5qiSqKJClWenL/PaOeYAE0OaZmmL3 /fN/+CuapcyIDxz9m4PJVHW2Q4ffz8Bsm2OMg= MIME-Version: 1.0 Received: by 10.204.10.19 with SMTP id n19mr3697334bkn.19.1259658068771; Tue, 01 Dec 2009 01:01:08 -0800 (PST) In-Reply-To: <4B149B8A.80100@xzibition.com> References: <200912010120.nB11Koo2088364@freefall.freebsd.org> <4B149B8A.80100@xzibition.com> Date: Tue, 1 Dec 2009 09:01:08 +0000 Message-ID: From: =?UTF-8?Q?Istv=C3=A1n?= To: Bryan Drewery Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-security , cperciva Subject: Re: Upcoming FreeBSD Security Advisory X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Dec 2009 09:01:10 -0000 yeah noexec /tmp is nice cat /tmp/shellscript | bash same with executables It is good against level0 kiddies and bots On Tue, Dec 1, 2009 at 4:28 AM, Bryan Drewery wrote: > Colin, > > Thank you so much for alerting us and providing a temporary patch. I had > a user attempt to use the public exploit today, but due to /tmp being > noexec, it failed. Luckily I caught him before he modified the script to > work though. Now I am patched and can sleep tonight :) > > Thanks, > Bryan > > FreeBSD Security Officer wrote: > > Hi all, > > > > A short time ago a "local root" exploit was posted to the full-disclosure > > mailing list; as the name suggests, this allows a local user to execute > > arbitrary code as root. > > > > Normally it is the policy of the FreeBSD Security Team to not publicly > > discuss security issues until an advisory is ready, but in this case > > since exploit code is already widely available I want to make a patch > > available ASAP. Due to the short timeline, it is possible that this > > patch will not be the final version which is provided when an advisory > > is sent out; it is even possible (although highly doubtful) that this > > patch does not fully fix the issue or introduces new issues -- in short, > > use at your own risk (even more than usual). > > > > The patch is at > > http://people.freebsd.org/~cperciva/rtld.patch > > and has SHA256 hash > > ffcba0c20335dd83e9ac0d0e920faf5b4aedf366ee5a41f548b95027e3b770c1 > > > > I expect a full security advisory concerning this issue will go out on > > Wednesday December 2nd. > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org > " > -- the sun shines for all http://l1xl1x.blogspot.com