Date: Thu, 03 Dec 2009 18:29:14 +0000
From: Jamie Landeg Jones <jamie@bishopston.net>
To: timo.schoeler@riscworks.net, freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-09:16.rtld
Message-ID: <200912031829.nB3ITEiX015363@catflap.bishopston.net>
In-Reply-To: <4B17D39B.5030204@riscworks.net>
References: <200912030930.nB39UhW9038238@freefall.freebsd.org> <4B179B90.10307@netfence.it> <200912031455.nB3EtriT031315@catflap.bishopston.net> <4B17D39B.5030204@riscworks.net>

> So, what would be 'best of practice' to apply the patch to 6.3-RELEASE
> upwards -- is the FreeBSD-7 patch applicable or should one wait for an
> official announcement?

I just noticed that the patch I replied with is basically the same as the FreeBSD-7 patch that was posted.

However, as has already been discussed, 6.X isn't exploitable by the posted bug, because the changes to the env functions that allow the exploit to work didn't happen until 7.X.

However, I would certainly apply the patch anyway - basically, the old way was just blindly unsetting environment variables and blindly assuming the unsetting worked.

The new way does exactly the same unsetting, but if any of the unsets fails (due to corrupt environment) it aborts.

Just in case there is some other way of exploiting the fact that rtld.c didn't check whether unsetenv was successful (which I bet people are now looking for) I'd apply the patch to 6.3 and 6.4 also, just to be sure.

Cheers, Jamie