Date:      Thu, 28 Sep 2000 01:16:44 -0400
From:      "Brian F. Feldman" <green@FreeBSD.org>
To:        sigma@pair.com
Cc:        security@FreeBSD.org
Subject:   Re: Status of FreeBSD-SA-00:41.elf? 
Message-ID:  <200009280516.e8S5Gi507297@green.dyndns.org>
In-Reply-To: Your message of "Wed, 27 Sep 2000 14:24:43 EDT." <20000927182443.7666.qmail@smx.pair.com> 

> 
> The following advisory went out on August 28, 2000.  It indicates that 4.x
> and 5.x are fixed, and implies that a fix for 3.x would be forthcoming.
> We actually delayed the rollout of 3.5-STABLE for our users based on this
> advisory.  A month has passed, and I can't find any discussion of this
> issue, nor any hint as to what the "logistical difficulties" are that the
> advisory mentions.
> 
> The patch does in fact seem to work under 3.5-STABLE - at least, the new
> kernel runs "fine".  But without a malformed ELF executable to try out, I
> can't tell if the problem is really fixed.
> 
> Does anyone either 1) know how to correctly patch 3.5-STABLE for this
> problem, or 2) have a malformed ELF executable handy with which to verify
> the problem?  I'd like to know the matter is resolved.
> 
> Kevin Martin
> sigma@pair.com

Yay!  Someone to test the changes on 3.5!  I expected the changes would work 
fine, but I don't feel like breaking things to fix a local DoS (especially 
since it's a slightly less serious one (no data loss), and many local DoSes 
exist on any OS -- the known ones take work to get rid of, and some may be 
impossible).

Anyway, if it works, then you should be able to do the following:

{"/home/green"}$ dd if=/bin/dd bs=32k count=1 of=evil_dd
1+0 records in
1+0 records out
32768 bytes transferred in 0.001847 secs (17740926 bytes/sec)
{"/home/green"}$ chmod +x evil_dd && ./evil_dd
elf_load_section: truncated ELF file
Abort 

<rant style="obsolescence">
Taking into account that you've tested it, now I'd be able to MFC it :)  
It's just not a good idea to use 3.X anyway -- the 4.X series has started 
off and continued much stronger than 3.X.  It was a stretch even doing the 
last 3.5-RELEASE because of so much general feeling of, "ugh, why should 
anyone use 3.X?" among the crew.

I should say we would do well to stop "supporting" 3.X anymore and let 
people know (a bit louder perhaps?) 3.5 is the end of the line for 3.X and 
the proper solution is an upgrade to _4.X_.  It's simply not very 
interesting or useful to be supporting something that should be phased out 
instead of "sorta upgraded" to the latest small increment of a quietly
dying line.
</rant>

--
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green@FreeBSD.org                    `------------------------------'
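The test above relies on the image activator refusing a binary whose program headers promise more file-backed bytes than the file actually has. As an added example (not code from this thread or from the FreeBSD kernel), here is a user-space bounds checker that applies the same shape of check to an ELF image: header inside the file, program header table inside the file, and every PT_LOAD segment's p_offset + p_filesz inside the file, with the arithmetic written so oversized offsets cannot wrap. It is written for ELF64 little-endian for brevity; the 3.x/4.x binaries in the thread are ELF32, but the check is identical apart from field widths. The sample image, the `build_sample_image`/`check_truncated_sample` helpers and the `elfcheck` program name are constructed for this example and are assumptions, not anything from the advisory.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hand-rolled subset of the ELF64 little-endian layouts so this builds
 * without <elf.h>.  Field order and widths follow the ELF spec:
 * sizeof(ehdr64) == 64 and sizeof(phdr64) == 56. */
#define EI_NIDENT 16
#define PT_LOAD   1

typedef struct {
    unsigned char e_ident[EI_NIDENT];
    uint16_t e_type, e_machine;
    uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff;
    uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} ehdr64;

typedef struct {
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
} phdr64;

enum elf_status {
    ELF_OK = 0,
    ELF_TRUNCATED_HEADER,   /* fewer than 64 bytes in the file */
    ELF_BAD_HEADER,         /* not ELF64 LE, or bogus e_phentsize */
    ELF_TRUNCATED_PHDRS,    /* program header table runs past EOF */
    ELF_TRUNCATED_SEGMENT   /* a PT_LOAD's file-backed bytes run past EOF */
};

/* Bounds-check an in-memory ELF image of `len` bytes.  Every offset+size
 * test is written as (off > len || size > len - off) so a header carrying
 * huge offsets cannot wrap the addition and slip past the check. */
enum elf_status elf_check_image(const uint8_t *buf, size_t len)
{
    ehdr64 eh;
    if (len < sizeof eh)
        return ELF_TRUNCATED_HEADER;
    memcpy(&eh, buf, sizeof eh);
    if (memcmp(eh.e_ident, "\x7f" "ELF", 4) != 0 ||
        eh.e_ident[4] != 2 /* ELFCLASS64 */ || eh.e_ident[5] != 1 /* LSB */ ||
        eh.e_phentsize != sizeof(phdr64))
        return ELF_BAD_HEADER;

    uint64_t phtab = (uint64_t)eh.e_phnum * eh.e_phentsize;
    if (eh.e_phoff > len || phtab > len - eh.e_phoff)
        return ELF_TRUNCATED_PHDRS;

    for (uint16_t i = 0; i < eh.e_phnum; i++) {
        phdr64 ph;
        memcpy(&ph, buf + eh.e_phoff + (size_t)i * eh.e_phentsize, sizeof ph);
        if (ph.p_type != PT_LOAD)
            continue;
        /* The loader is about to read p_filesz bytes at p_offset; they
         * must all exist in the file before it touches them. */
        if (ph.p_offset > len || ph.p_filesz > len - ph.p_offset)
            return ELF_TRUNCATED_SEGMENT;
    }
    return ELF_OK;
}

/* Constructed sample (not a real binary): a minimal ELF64 image with one
 * PT_LOAD whose file-backed part occupies offsets [0x1000, 0x3000).  The
 * segment contents are dummy zero bytes.  Returns the image size or 0. */
#define SAMPLE_IMAGE_SIZE 0x3000u
size_t build_sample_image(uint8_t *out, size_t cap)
{
    if (cap < SAMPLE_IMAGE_SIZE)
        return 0;
    memset(out, 0, SAMPLE_IMAGE_SIZE);
    ehdr64 eh = {0};
    memcpy(eh.e_ident, "\x7f" "ELF", 4);
    eh.e_ident[4] = 2; eh.e_ident[5] = 1; eh.e_ident[6] = 1;
    eh.e_type = 2; eh.e_machine = 62; eh.e_version = 1;   /* ET_EXEC, x86-64 */
    eh.e_phoff = sizeof eh; eh.e_ehsize = sizeof eh;
    eh.e_phentsize = sizeof(phdr64); eh.e_phnum = 1;
    phdr64 ph = {0};
    ph.p_type = PT_LOAD; ph.p_flags = 5;                  /* R+X */
    ph.p_offset = 0x1000; ph.p_vaddr = ph.p_paddr = 0x401000;
    ph.p_filesz = ph.p_memsz = 0x2000; ph.p_align = 0x1000;
    memcpy(out, &eh, sizeof eh);
    memcpy(out + sizeof eh, &ph, sizeof ph);
    return SAMPLE_IMAGE_SIZE;
}

/* Build the sample, keep only its first `keep` bytes (what `dd ... count=N`
 * did to /bin/dd above) and report what the bounds check says. */
enum elf_status check_truncated_sample(size_t keep)
{
    static uint8_t img[SAMPLE_IMAGE_SIZE];
    size_t n = build_sample_image(img, sizeof img);
    if (keep > n) keep = n;
    return elf_check_image(img, keep);
}

int main(int argc, char **argv)
{
    static const char *names[] = { "ok", "truncated header", "bad header",
                                   "truncated program headers", "truncated segment" };
    if (argc == 2) {                                      /* ./elfcheck evil_dd */
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 1; }
        uint8_t *buf = NULL; size_t len = 0, cap = 0, got;
        do {
            if (len == cap) { cap = cap ? cap * 2 : 65536;
                if (!(buf = realloc(buf, cap))) { perror("realloc"); return 1; } }
            got = fread(buf + len, 1, cap - len, f); len += got;
        } while (got > 0);
        fclose(f);
        printf("%s: %s\n", argv[1], names[elf_check_image(buf, len)]);
        free(buf);
        return 0;
    }
    size_t cuts[] = { SAMPLE_IMAGE_SIZE, 0x1800, 100, 32 };
    for (size_t i = 0; i < 4; i++)
        printf("first %#zx bytes: %s\n", cuts[i], names[check_truncated_sample(cuts[i])]);
    return 0;
}
```

Run with no arguments it walks the constructed image through four cut points (whole file, cut inside the segment, cut inside the program header table, cut inside the ELF header) and names the failure for each; given a path it checks that file, so `./elfcheck evil_dd` on a 32k prefix of a larger binary reports a truncated segment before any loader would. Note that a check like this in user space is only a diagnostic: the point of the advisory is that the kernel's own activator has to perform it, since a file that passes here can still be replaced between the check and the execve.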
