Date: Sat, 24 Jul 2010 19:43:01 GMT
From: Steve Wills <steve@mouf.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/148911: maintainer update: mark security/isolate forbidden due to security issue
Message-ID: <201007241943.o6OJh1cW075211@www.freebsd.org>
Resent-Message-ID: <201007241950.o6OJo98S098402@freefall.freebsd.org>
>Number: 148911 >Category: ports >Synopsis: maintainer update: mark security/isolate forbidden due to security issue >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Sat Jul 24 19:50:08 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Steve Wills >Release: 8.1-RC2 >Organization: >Environment: >Description: The security/isolate port currently suffers from local root privileges escalation problems. It should not be used. The attached patch marks it forbidden. Also marks it broken on pre 8.x due to lack of unlinkat (and openat) syscalls, in preparation for when the security issue is fixed. >How-To-Repeat: >Fix: Patch attached with submission follows: diff -ruN security/isolate.orig/Makefile security/isolate/Makefile --- security/isolate.orig/Makefile 2010-07-24 15:35:34.963084308 -0400 +++ security/isolate/Makefile 2010-07-24 15:38:47.628535561 -0400 @@ -24,8 +24,10 @@ .include <bsd.port.pre.mk> -.if ${OSVERSION} < 700025 -IGNORE= does not compile (needs gelf.h) +.if ${OSVERSION} < 800000 +IGNORE= does not compile (needs unlinkat) .endif +FORBIDDEN= isolate currently suffers from local root privilege escallation bugs + .include <bsd.port.post.mk> >Release-Note: >Audit-Trail: >Unformatted:
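Review bot: the added FORBIDDEN line misspells "escalation" as "escallation", and that string is what users see when the build is refused, so it should be corrected before commit. The reason would also be more useful with a pointer to an advisory or upstream report, if one exists, so that whoever later lifts the restriction can tell which issue it refers to. In the .if block, the description says the port is marked broken on pre-8.x, but the hunk sets IGNORE rather than BROKEN; either is workable, but the wording and the variable should agree. The old gelf.h reason is dropped along with the 700025 bound, which is fine because the new 800000 bound covers it.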