From: Jamie Landeg Jones
Message-Id: <200912031740.nB3HeKbQ058031@catflap.bishopston.net>
Date: Thu, 03 Dec 2009 17:40:20 +0000
Organization: http://www.bishopston.com/jamie/
To: ml@netfence.it, freebsd-security@freebsd.org
References: <200912030930.nB39UhW9038238@freefall.freebsd.org> <4B179B90.10307@netfence.it> <200912031455.nB3EtriT031315@catflap.bishopston.net> <4B17D4B9.103@netfence.it>
In-Reply-To: <4B17D4B9.103@netfence.it>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-09:16.rtld

> Jamie Landeg Jones wrote:
>
> > So, yes, FreeBSD 6.3-RELEASE upwards are affected - FreeBSD 6.2 isn't.
>
> Thanks.
> So, is a patch on the way for 6.[34] too?
> I guess the sec team just wanted to get out what they had as soon as
> possible and I agree with them and thank them.
> But I just need to plan... :-)

I don't know - are they still supported?

Anyway, I just made this patch. I don't have any 6.X machines to test it on,
but it should work on 6.3 and 6.4 (put it this way, if it doesn't work it
will fail to compile, rather than break your machine!):

Incidentally, I am not part of the official FreeBSD team.

cheers, Jamie

--- rtld.c.orig 2007-07-14 20:04:00.000000000 +0100 +++ rtld.c 2009-12-03 17:29:58.000000000 +0000 
@@ -349,11 +349,12 @@ * future processes to honor the potentially un-safe variables. */ if (!trust) { - unsetenv(LD_ "PRELOAD"); - unsetenv(LD_ "LIBMAP"); - unsetenv(LD_ "LIBRARY_PATH"); - unsetenv(LD_ "LIBMAP_DISABLE"); - unsetenv(LD_ "DEBUG"); + if (unsetenv(LD_ "PRELOAD") || unsetenv(LD_ "LIBMAP") || + unsetenv(LD_ "LIBRARY_PATH") || unsetenv(LD_ "LIBMAP_DISABLE") || + unsetenv(LD_ "DEBUG")) { + _rtld_error("environment corrupt; aborting"); + die(); + } } ld_debug = getenv(LD_ "DEBUG"); libmap_disable = getenv(LD_ "LIBMAP_DISABLE") != NULL;
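
Review bot: In the "if (!trust)" block, the new "||" chain only builds where unsetenv() is declared to return a value, and the message above says this was not tried on a 6.X machine, so check the unsetenv() prototype in the target tree's headers before applying. Because the calls short-circuit and share one message, "environment corrupt; aborting" does not say which LD_ variable could not be removed; naming the variable in the _rtld_error() text would make the abort easier to diagnose. The ordering is right as it stands: die() is reached before the getenv(LD_ "DEBUG") and getenv(LD_ "LIBMAP_DISABLE") calls in the trailing context, so an untrusted process does not go on to read a variable that failed to clear.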