Date: Thu, 7 Sep 2000 03:41:13 -0700 (PDT) From: Kris Kennaway <kris@FreeBSD.org> To: "Vladimir Mencl, MK, susSED" <mencl@nenya.ms.mff.cuni.cz> Cc: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, freebsd-security@FreeBSD.ORG, security-officer@FreeBSD.ORG Subject: Re: UNIX locale format string vulnerability (fwd) Message-ID: <Pine.BSF.4.21.0009070338240.96337-100000@freefall.freebsd.org> In-Reply-To: <Pine.GSO.4.10.10009071007410.11627-100000@nenya.ms.mff.cuni.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 7 Sep 2000, Vladimir Mencl, MK, susSED wrote:
> However, I think that FreeBSD is vulnerable with the sudo port
> installed.
>
> Although sudo discards some dangerous environment variables (LD_LIBRARY_PATH)
> it does pass the LC_ALL, PATH_LOCALE variables through.
>
> Therefore, I belive, that any user allowed to use sudo to execute a
> program with elevated privileges, can potentially exploit this
> vulnerability.
>
> So, at least a port security advisory should be issued, and possibly the
> sudo port patched to discard locale-specific environment variables.
Thanks for the report. I'll look into it and issue a ports advisory if
necessary (this seems to be a sudo problem, not a FreeBSD one -
PATH_LOCALE is ignored if setugid, and at first glance LC_ALL is okay too,
although I need to check that properly)
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0009070338240.96337-100000>