Date: Thu, 03 Dec 2009 18:37:14 +0000
From: Jamie Landeg Jones <jamie@bishopston.net>
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-09:16.rtld
Message-ID: <200912031837.nB3IbEKB036114@catflap.bishopston.net>
In-Reply-To: <8ABB1EE2-4521-40EC-9E85-4A0E771D6B7F@mac.com>
References: <200912030930.nB39UhW9038238@freefall.freebsd.org> <4B179B90.10307@netfence.it> <8ABB1EE2-4521-40EC-9E85-4A0E771D6B7F@mac.com>
> The discussion you mention presumably involves checking out the patched version of rtld sources from 7.x or 8 and building+installing that under 6.x. Given that 6.x rtld is the older one with a longer history of security review and doesn't have the current known vulnerability, whereas the new version just got patched and might have other issues lurking, I am happy sticking with 6.x version on my 6.x boxes.

Ahhhh, I see. I was looking at the source of rtld.c to check when the change was made that allowed this vulnerability to exist, and that change was from 6.3 onwards. But it seems it's the changes to getenv/unsetenv from 7.0 onwards that cause this to be an exploitable issue.

However, I'd still apply the patch in case some other way to exploit the non-checking of the unsetenv return status crops up elsewhere. It can't do any harm.
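The point Jamie raises, that the bug class is an ignored unsetenv(3) return status rather than any one environment variable, is easy to see in a small program. The example below is added here and is not code from this thread or from FreeBSD's rtld; the variable names it scrubs and the function names are illustrative assumptions. It contrasts the unchecked pattern (which always reports success) with a version that propagates unsetenv's failure and then verifies the environment before returning, so a caller can refuse to continue rather than run with a variable it believed was gone.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative list (an assumption, not rtld's actual list) of variables a
 * privileged loader would want removed before trusting the environment. */
static const char *const unsafe_vars[] = { "LD_PRELOAD", "LD_LIBRARY_PATH", NULL };

/* Weak pattern: the return value of unsetenv(3) is discarded, so the function
 * reports success even if a removal failed (POSIX lets unsetenv return -1 with
 * errno set to EINVAL for a name that is empty or contains '='). */
int scrub_env_unchecked(const char *const *names)
{
    for (; *names != NULL; names++)
        (void)unsetenv(*names);
    return 0; /* always "success", whether or not the removal happened */
}

/* Hardened pattern: fail closed on any unsetenv error, then confirm with
 * getenv(3) that none of the names are still present. Returns 0 only when the
 * environment is verifiably clean, -1 otherwise (errno left as unsetenv set it). */
int scrub_env_checked(const char *const *names)
{
    const char *const *p;

    for (p = names; *p != NULL; p++) {
        if (unsetenv(*p) != 0)
            return -1;            /* propagate the failure instead of hiding it */
    }
    /* Belt and braces: verify the post-condition rather than trusting the calls. */
    for (p = names; *p != NULL; p++) {
        if (getenv(*p) != NULL) {
            errno = EEXIST;
            return -1;
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed sample environment for the demonstration. */
    setenv("LD_PRELOAD", "/tmp/constructed-example.so", 1);

    if (scrub_env_checked(unsafe_vars) == 0)
        printf("environment scrubbed, LD_PRELOAD=%s\n",
               getenv("LD_PRELOAD") ? getenv("LD_PRELOAD") : "(unset)");

    /* A name containing '=' is invalid: unsetenv fails with EINVAL. The
     * unchecked scrubber still claims success; the checked one does not. */
    static const char *const invalid_name[] = { "BAD=NAME", NULL };
    printf("unchecked: %d, checked: %d (errno=%s)\n",
           scrub_env_unchecked(invalid_name),
           scrub_env_checked(invalid_name), strerror(errno));
    return 0;
}
```

The verification loop is the part worth copying: a loader that cannot prove the variable is gone should treat that as a hard error, not an event to ignore.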