Date:      Thu, 03 Dec 2009 16:04:59 +0100
From:      Timo Schoeler <timo.schoeler@riscworks.net>
To:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-09:16.rtld
Message-ID:  <4B17D39B.5030204@riscworks.net>
In-Reply-To: <200912031455.nB3EtriT031315@catflap.bishopston.net>
References:  <200912030930.nB39UhW9038238@freefall.freebsd.org>	<4B179B90.10307@netfence.it> <200912031455.nB3EtriT031315@catflap.bishopston.net>

thus Jamie Landeg Jones spake:
>> Sorry, this might seem a stupid question, but...
>> In several places I read that FreeBSD 6.x is NOT affected; however, I 
>> heard some people discussing how to apply the patch to such systems.
>> So, I'd like to know for sure: is 6.x affected? Is another patch on the 
>> way for it?
>>
>>   bye & Thanks
>> 	av.

<snip>

So, what would be 'best of practice' to apply the patch to 6.3-RELEASE 
upwards -- is the FreeBSD-7 patch applicable or should one wait for an 
official announcement?

Best,

Timo

> The change that introduced the bug was made as follows:
> 
>  | Revision 1.124: download - view: text, markup, annotated - select for diffs
>  | Thu May 17 18:00:27 2007 UTC (2 years, 6 months ago) by csjp
>  | Branches: MAIN
>  | CVS tags: RELENG_7_BP, RELENG_7_0_BP, RELENG_7_0_0_RELEASE, RELENG_7_0
>  | Branch point for: RELENG_7
>  | Diff to: previous 1.123: preferred, colored
>  | Changes since revision 1.123: +20 -10 lines
>  | 
>  | In the event a process is tainted (setuid/setgid binaries), un-set any
>  | potentially dangerous environment variables altogether. It should be
>  | noted that the run-time linker will not honor these environment variables
>  | if the process is tainted currently. However, once a child of the tainted
>  | process calls setuid(2), its status as being tainted (as defined by
>  | issetugid(2)) will be removed. This could be problematic because
>  | subsequent activations of the run-time linker could honor these
>  | dangerous variables.
>  | 
>  | This is more of an anti foot-shot mechanism, there is nothing I am
>  | aware of in base that does this, however there may be third party
>  | utilities which do, and there is no real negative impact of clearing
>  | these environment variables.
>  | 
>  | Discussed on:	secteam
>  | Reviewed by:	cperciva
>  | PR:		kern/109836
>  | MFC after:	2 weeks
> 
> This was also MFC'd into 6.3 onwards:
> 
>  | Revision 1.106.2.7: download - view: text, markup, annotated - select for diffs
>  | Sat Jul 14 19:04:00 2007 UTC (2 years, 4 months ago) by csjp
>  | Branches: RELENG_6
>  | CVS tags: RELENG_6_4_BP, RELENG_6_3_BP, RELENG_6_3_0_RELEASE, RELENG_6_3
>  | Branch point for: RELENG_6_4
>  | Diff to: previous 1.106.2.6: preferred, colored; branchpoint 1.106: preferred, colored; next MAIN 1.107: preferred, colored
>  | Changes since revision 1.106.2.6: +20 -10 lines
>  | 
>  | MFC rtld.c revision 1.124
>  | 
>  | Unset potentially harmful environment variables.
>  | 
>  | Discussed on:	secteam
>  | PR:		kern/109836
> 
> 
> So, yes, FreeBSD 6.3-RELEASE upwards are affected - FreeBSD 6.2 isn't.
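
The scrubbing approach described in the quoted commit message (removing linker variables from a tainted process so that a later child cannot pick them up), shown as an added example that is not part of the original message or of FreeBSD's rtld source. The variable list is a selection from rtld(1); the function name and the `tainted` parameter are assumptions, and on FreeBSD that flag would come from issetugid(2).

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>

/* Variables the run-time linker acts on (a selection from rtld(1)). */
static const char *const ld_vars[] = {
    "LD_PRELOAD", "LD_LIBRARY_PATH", "LD_LIBMAP", "LD_LIBMAP_DISABLE",
    "LD_DEBUG", "LD_ELF_HINTS_PATH", NULL
};

/*
 * Remove every listed linker variable from the environment of a tainted
 * process. `tainted` is supplied by the caller (assumption: on FreeBSD it
 * would be the result of issetugid(2)).
 * Returns the number of variables removed, or -1 if any variable could not
 * be removed, in which case the caller must refuse to continue.
 */
int scrub_linker_env(int tainted)
{
    int removed = 0;

    if (!tainted)
        return 0;                        /* untainted: leave environment alone */
    for (size_t i = 0; ld_vars[i] != NULL; i++) {
        if (getenv(ld_vars[i]) == NULL)
            continue;                    /* not set, nothing to do */
        if (unsetenv(ld_vars[i]) != 0)   /* never ignore this result */
            return -1;
        if (getenv(ld_vars[i]) != NULL)  /* confirm it is really gone */
            return -1;
        removed++;
    }
    return removed;
}

int main(void)
{
    /* Constructed sample environment for the demonstration. */
    setenv("LD_PRELOAD", "/tmp/example.so", 1);
    setenv("LD_LIBRARY_PATH", "/tmp/lib", 1);
    if (scrub_linker_env(1) < 0)
        return 1;                        /* fail closed */
    return getenv("LD_PRELOAD") == NULL ? 0 : 1;
}
```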


