Date:      Thu, 03 Dec 2009 18:29:14 +0000
From:      Jamie Landeg Jones <jamie@bishopston.net>
To:        timo.schoeler@riscworks.net, freebsd-security@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-09:16.rtld
Message-ID:  <200912031829.nB3ITEiX015363@catflap.bishopston.net>
In-Reply-To: <4B17D39B.5030204@riscworks.net>
References:  <200912030930.nB39UhW9038238@freefall.freebsd.org> <4B179B90.10307@netfence.it> <200912031455.nB3EtriT031315@catflap.bishopston.net> <4B17D39B.5030204@riscworks.net>

> So, what would be 'best of practice' to apply the patch to 6.3-RELEASE 
> upwards -- is the FreeBSD-7 patch applicable or should one wait for an 
> official announcement?

I just noticed that the patch I replied with is basically the same as the
FreeBSD-7 patch that was posted.

However, as has already been discussed, 6.X isn't exploitable by the posted
bug, because the changes to the env functions that allow the exploit to work
didn't happen until 7.X.

However, I would certainly apply the patch anyway - basically, the old way
was just blindly unsetting environment variables and blindly assuming the
unsetting worked.

The new way does exactly the same unsetting, but if any of the unsets fails
(due to corrupt environment) it aborts.

Just in case there is some other way of exploiting the fact that rtld.c didn't
check whether unsetenv was successful (which I bet people are now looking for)
I'd apply the patch to 6.3 and 6.4 also, just to be sure.

Cheers,
Jamie
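The two patterns Jamie contrasts above, written out as an added example (this is illustration code, not the advisory's patch or FreeBSD's rtld.c; the variable names and the constructed invalid-name list are assumptions for the demo):

```c
/* Added example: blind unsetting versus checked unsetting of environment
 * variables, as described in the thread. Not code from rtld.c. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical list of variables a set-uid program must not inherit. */
static const char *const unsafe_vars[] = { "LD_PRELOAD", "LD_LIBRARY_PATH", NULL };

/* Constructed list used only to exercise the failure path: glibc and BSD
 * libc reject a name containing '=' with EINVAL, so unsetenv() fails. */
static const char *const bad_vars[] = { "LD_PRELOAD=x", NULL };

/* Old pattern: unset and assume it worked. A failed unsetenv() leaves the
 * variable in place and nothing reports it. */
static void scrub_env_blind(const char *const *names)
{
    for (; *names != NULL; names++)
        unsetenv(*names);
}

/* New pattern: check every unsetenv() result and confirm the variable is
 * really gone. Returns 0 on success, -1 if any variable survives. */
static int scrub_env_checked(const char *const *names)
{
    for (; *names != NULL; names++) {
        if (unsetenv(*names) != 0)
            return -1;               /* libc reported the unset failed */
        if (getenv(*names) != NULL)
            return -1;               /* still present: refuse to continue */
    }
    return 0;
}

/* Sets a hostile value, scrubs with the checked routine, and reports
 * whether the variable is gone afterwards (0 = gone, -1 = not gone). */
static int demo_scrub(void)
{
    setenv("LD_PRELOAD", "/tmp/evil.so", 1);  /* constructed hostile value */
    if (scrub_env_checked(unsafe_vars) != 0)
        return -1;
    return getenv("LD_PRELOAD") == NULL ? 0 : -1;
}

int main(void)
{
    scrub_env_blind(bad_vars);              /* silently does nothing useful */
    if (demo_scrub() != 0) {
        fprintf(stderr, "environment scrub failed: %s\n", strerror(errno));
        return 1;                           /* rtld's equivalent: abort */
    }
    printf("environment scrubbed\n");
    return 0;
}
```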
