Date:      Thu, 03 Dec 2009 10:15:14 -0800
From:      Chuck Swiger <cswiger@mac.com>
To:        Andrea Venturoli <ml@netfence.it>
Cc:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-09:16.rtld
Message-ID:  <8ABB1EE2-4521-40EC-9E85-4A0E771D6B7F@mac.com>
In-Reply-To: <4B179B90.10307@netfence.it>
References:  <200912030930.nB39UhW9038238@freefall.freebsd.org> <4B179B90.10307@netfence.it>

Hi--

On Dec 3, 2009, at 3:05 AM, Andrea Venturoli wrote:
> Sorry, this might seem a stupid question, but...
> In several places I read that FreeBSD 6.x is NOT affected; however, I heard some people discussing how to apply the patch to such systems.  So, I'd like to know for sure: is 6.x affected? Is another patch on the way for it?

Well, I've tested the exploit and FreeBSD 6.4-STABLE was not vulnerable.  Starting with 7.x, rtld was significantly re-written from the prior version, and that re-write included the security vulnerability.

The discussion you mention presumably involves checking out the patched version of rtld sources from 7.x or 8 and building+installing that under 6.x.  Given that the 6.x rtld is the older one with a longer history of security review and doesn't have the current known vulnerability, whereas the new version just got patched and might have other issues lurking, I am happy sticking with the 6.x version on my 6.x boxes.

Regards,
-- 
-Chuck
