From owner-freebsd-questions@FreeBSD.ORG Thu Jan 29 02:38:49 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 75F53FD9 for ; Thu, 29 Jan 2015 02:38:49 +0000 (UTC) Received: from mx02.qsc.de (mx02.qsc.de [213.148.130.14]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 35E95BC2 for ; Thu, 29 Jan 2015 02:38:48 +0000 (UTC) Received: from r56.edvax.de (port-92-195-61-84.dynamic.qsc.de [92.195.61.84]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx02.qsc.de (Postfix) with ESMTPS id 904A927643 for ; Thu, 29 Jan 2015 03:38:39 +0100 (CET) Received: from r56.edvax.de (localhost [127.0.0.1]) by r56.edvax.de (8.14.5/8.14.5) with SMTP id t0T2cciV002332 for ; Thu, 29 Jan 2015 03:38:38 +0100 (CET) (envelope-from freebsd@edvax.de) Date: Thu, 29 Jan 2015 03:38:38 +0100 From: Polytropon To: freebsd-questions@freebsd.org Subject: Re: Linux "Ghost" Remote Code Execution Vulnerability Message-Id: <20150129033838.810254de.freebsd@edvax.de> In-Reply-To: <20150128145247.5086e9a4@scorpio> References: <20150128145247.5086e9a4@scorpio> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Jan 2015 02:38:49 -0000 On Wed, 28 Jan 2015 14:52:47 -0500, Jerry wrote: > Does this vulnerability affect FreeBSD? > > https://www.us-cert.gov/ncas/current-activity/2015/01/27/Linux-Ghost-Remote-Code-Execution-Vulnerability FreeBSD's gethostbyname() is located in the standard C library, which is libc, not glibc (that Linux is using), so probably FreeBSD is not affected. However, programs linked against glibc and run in the Linux ABI environment might be affected, I assume. You can find a demonstration program here: http://www.openwall.com/lists/oss-security/2015/01/27/9 It's in section 4. On my home system, I get this: % cc -Wall -o ghost ghost.c % ./ghost should not happen Surprise: Neither "vulnerable" nor "not vulnerable" is printed. That result is interesting. It might indicate ternary logic. YES, NO, FILE_NOT_FOUND. :-) Note that 4.1 explicitely talks about "The GNU C Library" which FreeBSD does not use (or have). Section 4 mentions other programs (such as mount.nfs, ping, procmail) for further explanation. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...