Date: Thu, 26 Aug 1999 13:56:29 -0700 From: David Greenman <dg@root.com> To: dima@best.net Cc: imp@village.org (Warner Losh), gsutter@pobox.com (Gregory Sutter), security-officer@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: [secure@FREEBSD.LUBLIN.PL: FreeBSD (and other BSDs?) local root explot] Message-ID: <199908262056.NAA03100@implode.root.com> In-Reply-To: Your message of "Thu, 26 Aug 1999 10:58:45 PDT." <199908261758.KAA94925@burka.rdy.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Yikes, you're not proposing that we disable following of symlinks that point to binaries, are you? -DG David Greenman Co-founder/Principal Architect, The FreeBSD Project - http://www.freebsd.org Creator of high-performance Internet servers - http://www.terasolutions.com Pave the road of life with opportunities. >Warner Losh writes: >> In message <199908261738.KAA94664@burka.rdy.com> Dima Ruban writes: >> : I've just committed a fix. >> >> Thanks Dima. It was first thing on my list after catching up on my >> email. Wanna write the advisory? Or at least give me verfied patch > >I'm not very good at writing advisories :-) > >> files? >> >> Warner >> > >-- dima > >For -current: > >*** kern/imgact_elf.c 1999/07/09 19:10:14 1.61 >--- kern/imgact_elf.c 1999/08/26 17:32:48 1.62 >*************** >*** 722,729 **** > if (name == NULL) > return (EFAULT); /* XXX -- not the best error */ > >! NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p); >! error = vn_open(&nd, O_CREAT | FWRITE, S_IRUSR | S_IWUSR); > free(name, M_TEMP); > if (error) > return (error); >--- 722,729 ---- > if (name == NULL) > return (EFAULT); /* XXX -- not the best error */ > >! NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p); >! error = vn_open(&nd, O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR); > free(name, M_TEMP); > if (error) > return (error); >*** kern/imgact_aout.c 1999/05/17 00:53:36 1.52 >--- kern/imgact_aout.c 1999/08/26 17:32:48 1.53 >*************** >*** 264,271 **** > name = expand_name(p->p_comm, p->p_ucred->cr_uid, p->p_pid); > if (name == NULL) > return (EFAULT); /* XXX -- not the best error */ >! NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p); >! error = vn_open(&nd, O_CREAT | FWRITE, S_IRUSR | S_IWUSR); > free(name, M_TEMP); > if (error) > return (error); >--- 264,271 ---- > name = expand_name(p->p_comm, p->p_ucred->cr_uid, p->p_pid); > if (name == NULL) > return (EFAULT); /* XXX -- not the best error */ >! NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p); >! error = vn_open(&nd, O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR); > free(name, M_TEMP); > if (error) > return (error); >----------cut here > >For 3.x-stable: > >*** kern/imgact_elf.c 1999/07/15 13:01:54 1.44.2.4 >--- kern/imgact_elf.c 1999/08/26 17:35:03 1.44.2.5 >*************** >*** 699,706 **** > if (name == NULL) > return (EFAULT); /* XXX -- not the best error */ > >! NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p); >! error = vn_open(&nd, O_CREAT | FWRITE, S_IRUSR | S_IWUSR); > free(name, M_TEMP); > if (error) > return (error); >--- 699,706 ---- > if (name == NULL) > return (EFAULT); /* XXX -- not the best error */ > >! NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p); >! error = vn_open(&nd, O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR); > free(name, M_TEMP); > if (error) > return (error); >*** kern/imgact_aout.c 1999/04/14 04:55:22 1.44.2.1 >--- kern/imgact_aout.c 1999/08/26 17:35:02 1.44.2.2 >*************** >*** 259,266 **** > name = expand_name(p->p_comm, p->p_ucred->cr_uid, p->p_pid); > if (name == NULL) > return (EFAULT); /* XXX -- not the best error */ >! NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p); >! error = vn_open(&nd, O_CREAT | FWRITE, S_IRUSR | S_IWUSR); > free(name, M_TEMP); > if (error) > return (error); >--- 259,266 ---- > name = expand_name(p->p_comm, p->p_ucred->cr_uid, p->p_pid); > if (name == NULL) > return (EFAULT); /* XXX -- not the best error */ >! NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p); >! error = vn_open(&nd, O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR); > free(name, M_TEMP); > if (error) > return (error); > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199908262056.NAA03100>