From: Jamie Landeg Jones
Organization: http://www.bishopston.com/jamie/
Date: Thu, 03 Dec 2009 14:55:53 +0000
To: ml@netfence.it, freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-09:16.rtld
Message-Id: <200912031455.nB3EtriT031315@catflap.bishopston.net>
In-Reply-To: <4B179B90.10307@netfence.it>
References: <200912030930.nB39UhW9038238@freefall.freebsd.org> <4B179B90.10307@netfence.it>

> Sorry, this might seem a stupid question, but...
> In several places I read that FreeBSD 6.x is NOT affected; however, I
> heard some people discussing how to apply the patch to such systems.
> So, I'd like to know for sure: is 6.x affected? Is another patch on the
> way for it?
>
> bye & Thanks
> av.

The change that introduced the bug was made as follows:

| Revision 1.124: download - view: text, markup, annotated - select for diffs
| Thu May 17 18:00:27 2007 UTC (2 years, 6 months ago) by csjp
| Branches: MAIN
| CVS tags: RELENG_7_BP, RELENG_7_0_BP, RELENG_7_0_0_RELEASE, RELENG_7_0
| Branch point for: RELENG_7
| Diff to: previous 1.123: preferred, colored
| Changes since revision 1.123: +20 -10 lines
|
| In the event a process is tainted (setuid/setgid binaries), un-set any
| potentially dangerous environment variables altogether. It should be
| noted that the run-time linker will not honor these environment variables
| if the process is tainted currently. However, once a child of the tainted
| process calls setuid(2), its status as being tainted (as defined by
| issetugid(2)) will be removed. This could be problematic because
| subsequent activations of the run-time linker could honor these
| dangerous variables.
|
| This is more of an anti foot-shot mechanism, there is nothing I am
| aware of in base that does this, however there may be third party
| utilities which do, and there is no real negative impact of clearing
| these environment variables.
|
| Discussed on: secteam
| Reviewed by: cperciva
| PR: kern/109836
| MFC after: 2 weeks

This was also MFC'd into 6.3 onwards:

| Revision 1.106.2.7: download - view: text, markup, annotated - select for diffs
| Sat Jul 14 19:04:00 2007 UTC (2 years, 4 months ago) by csjp
| Branches: RELENG_6
| CVS tags: RELENG_6_4_BP, RELENG_6_3_BP, RELENG_6_3_0_RELEASE, RELENG_6_3
| Branch point for: RELENG_6_4
| Diff to: previous 1.106.2.6: preferred, colored; branchpoint 1.106: preferred, colored; next MAIN 1.107: preferred, colored
| Changes since revision 1.106.2.6: +20 -10 lines
|
| MFC rtld.c revision 1.124
|
| Unset potentially harmful environment variables.
|
| Discussed on: secteam
| PR: kern/109836

So, yes, FreeBSD 6.3-RELEASE upwards are affected - FreeBSD 6.2 isn't.
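
Added illustration, not part of the message above and not code from rtld.c: a C routine that applies the scrubbing idea from the quoted commit message by filtering the environment vector directly, so that a later child which is no longer tainted cannot inherit linker variables. The `LD_` prefix rule, the function names and the sample environment are assumptions made for this example; the commit message does not list the variables it clears.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption for this example: every variable whose name starts with
 * "LD_" is treated as dangerous to the run-time linker. */
static const char DANGEROUS_PREFIX[] = "LD_";

/* Returns 1 if the entry must not be passed on by a tainted process. */
static int entry_is_unsafe(const char *entry)
{
    const char *eq = strchr(entry, '=');

    /* Malformed entries (no '=' or an empty name) are dropped as well,
     * so the result never depends on how a later lookup parses them. */
    if (eq == NULL || eq == entry)
        return 1;
    return strncmp(entry, DANGEROUS_PREFIX,
                   sizeof(DANGEROUS_PREFIX) - 1) == 0;
}

/* Compacts envp in place, keeping only safe entries when tainted is
 * non-zero. On FreeBSD the caller would pass the result of issetugid(2).
 * Returns the number of entries removed. */
size_t scrub_env(char **envp, int tainted)
{
    size_t kept = 0, removed = 0;

    if (!tainted)
        return 0;
    for (size_t i = 0; envp[i] != NULL; i++) {
        if (entry_is_unsafe(envp[i]))
            removed++;
        else
            envp[kept++] = envp[i];
    }
    envp[kept] = NULL;   /* re-terminate the shortened vector */
    return removed;
}

int main(void)
{
    /* Constructed sample environment for the demonstration. */
    char *env[] = { "PATH=/bin:/usr/bin", "LD_PRELOAD=/tmp/x.so",
                    "HOME=/root", "LD_LIBRARY_PATH=/tmp", "garbage", NULL };
    size_t removed = scrub_env(env, 1);

    printf("removed %zu entries\n", removed);
    for (size_t i = 0; env[i] != NULL; i++)
        printf("kept: %s\n", env[i]);
    return 0;
}
```

Because the vector is rewritten in one pass, there is no per-variable removal call whose failure could leave a dangerous entry behind.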