Date: Thu, 28 Sep 2000 01:16:44 -0400
From: "Brian F. Feldman" <green@FreeBSD.org>
To: sigma@pair.com
Cc: security@FreeBSD.org
Subject: Re: Status of FreeBSD-SA-00:41.elf?
Message-ID: <200009280516.e8S5Gi507297@green.dyndns.org>
In-Reply-To: Your message of "Wed, 27 Sep 2000 14:24:43 EDT." <20000927182443.7666.qmail@smx.pair.com>

> The following advisory went out on August 28, 2000.  It indicates that 4.x
> and 5.x are fixed, and implies that a fix for 3.x would be forthcoming.
> We actually delayed the rollout of 3.5-STABLE for our users based on this
> advisory.  A month has passed, and I can't find any discussion of this
> issue, nor any hint as to what the "logistical difficulties" are that the
> advisory mentions.
>
> The patch does in fact seem to work under 3.5-STABLE - at least, the new
> kernel runs "fine".  But without a malformed ELF executable to try out, I
> can't tell if the problem is really fixed.
>
> Does anyone either 1) know how to correctly patch 3.5-STABLE for this
> problem, or 2) have a malformed ELF executable handy with which to verify
> the problem?  I'd like to know the matter is resolved.
>
> Kevin Martin
> sigma@pair.com

Yay!  Someone to test the changes on 3.5!  I expected the changes would
work fine, but I don't feel like breaking things to fix a local DoS
(especially since it's a slightly less serious one (no data loss), and
many local DoSes exist on any OS -- the known ones take work to get rid
of, and some may be impossible).

Anyway, if it works, then you should be able to do the following:

{"/home/green"}$ dd if=/bin/dd bs=32k count=1 of=evil_dd
1+0 records in
1+0 records out
32768 bytes transferred in 0.001847 secs (17740926 bytes/sec)
{"/home/green"}$ chmod +x evil_dd && ./evil_dd
elf_load_section: truncated ELF file
Abort

<rant style="obsolescence">
Taking into account that you've tested it, now I'd be able to MFC it :)
It's just not a good idea to use 3.X anyway -- the 4.X series has started
off and continued much stronger than 3.X.  It was a stretch even doing the
last 3.5-RELEASE because of so much general feeling of, "ugh, why should
anyone use 3.X?" among the crew.

I should say we would do well to stop "supporting" 3.X anymore and let
people know (a bit louder perhaps?) 3.5 is the end of the line for 3.X
and the proper solution is an upgrade to _4.X_.  It's simply not very
interesting or useful to be supporting something that should be phased
out instead of "sorta upgraded" to the latest small increment of a quietly
dying line.
</rant>

--
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green@FreeBSD.org                    `------------------------------'

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
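
Added example, not part of the original message and not FreeBSD kernel code: a user-space check for the condition the test above exercises, flagging any PT_LOAD segment whose file extent (p_offset + p_filesz) runs past the end of the file. The names truncated_segments and make_sample are hypothetical, the sample image is constructed in memory, and only little-endian ELF32/ELF64 is handled.

```python
import struct

PT_LOAD = 1
# Field positions per ELF class (1 = ELF32, 2 = ELF64), little-endian only.
LAYOUT = {
    1: dict(ehsize=52, phoff=("<I", 28), phent=42, phsize=32,
            off=("<I", 4), filesz=("<I", 16)),
    2: dict(ehsize=64, phoff=("<Q", 32), phent=54, phsize=56,
            off=("<Q", 8), filesz=("<Q", 32)),
}

def truncated_segments(data):
    """Return (index, p_offset, p_filesz) for each PT_LOAD segment whose
    file extent runs past the end of data; raise ValueError if unparseable."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    lay = LAYOUT.get(data[4])
    if lay is None or data[5] != 1:
        raise ValueError("unsupported ELF class or byte order")
    if len(data) < lay["ehsize"]:
        raise ValueError("ELF header is truncated")
    (phoff,) = struct.unpack_from(lay["phoff"][0], data, lay["phoff"][1])
    phentsize, phnum = struct.unpack_from("<HH", data, lay["phent"])
    if phnum and (phentsize < lay["phsize"] or phoff + phentsize * phnum > len(data)):
        raise ValueError("program header table is malformed or truncated")
    bad = []
    for i in range(phnum):
        base = phoff + i * phentsize
        (p_type,) = struct.unpack_from("<I", data, base)
        (p_offset,) = struct.unpack_from(lay["off"][0], data, base + lay["off"][1])
        (p_filesz,) = struct.unpack_from(lay["filesz"][0], data, base + lay["filesz"][1])
        if p_type == PT_LOAD and p_offset + p_filesz > len(data):
            bad.append((i, p_offset, p_filesz))
    return bad

def make_sample(total_len, filesz):
    """Constructed ELF32 image: one PT_LOAD claiming filesz bytes from offset 0."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH",
                               2, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<IIIIIIII", PT_LOAD, 0, 0, 0, filesz, filesz, 5, 0x1000)
    image = ehdr + phdr
    return image + bytes(total_len - len(image))

if __name__ == "__main__":
    whole = make_sample(65536, 65536)
    print(truncated_segments(whole))          # complete image
    print(truncated_segments(whole[:32768]))  # first 32k only, as with the dd above
```
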