From owner-freebsd-security@FreeBSD.ORG Mon Oct 5 11:48:14 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5455D1065676 for ; Mon, 5 Oct 2009 11:48:14 +0000 (UTC) (envelope-from budiyt@gmail.com) Received: from mail-px0-f192.google.com (mail-px0-f192.google.com [209.85.216.192]) by mx1.freebsd.org (Postfix) with ESMTP id 2A6A58FC17 for ; Mon, 5 Oct 2009 11:48:13 +0000 (UTC) Received: by pxi30 with SMTP id 30so262714pxi.7 for ; Mon, 05 Oct 2009 04:48:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=h0fI0Hp1d9CZMTt15Lcvb6lV9nubaQsDYE7JBL4sl1o=; b=JhIcNclxA3kkygUxNyZYrk8BxDZG2wQGpT8huAYzOX/YTSb2toRMNq0v8ACXZ1t3UU i8xshpkFYvCKA13PYLzDnOxLmkqLafwEDKXXyfAUtTTxZo4aexFp0vj/idXdIRTUAGO/ LYFisGlHfC+TLTotmc7uqb0YumUmkt+xjU9yI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=mtMCW/GmHFSeeiz6FZT/CDQkIbpZeJozPcdf++ZMjKOflR8Iggt5W5L82A2Ktd0x3P jHYVbA6KHFjpOPziCvXk977qYbS+obM0+aWyDD81KBTWgmtvPzvhoBv+GHa5LG/3dbOm f32fphX52Q4KlPmMjbIrEfcE+uRj10M9exycU= MIME-Version: 1.0 Received: by 10.141.37.13 with SMTP id p13mr891254rvj.193.1254741805756; Mon, 05 Oct 2009 04:23:25 -0700 (PDT) In-Reply-To: <200910022012.n92KC4Tb003955@freefall.freebsd.org> References: <200910022012.n92KC4Tb003955@freefall.freebsd.org> Date: Mon, 5 Oct 2009 18:23:25 +0700 Message-ID: <4d4dc3640910050423i24d9ee19q967152458b449df6@mail.gmail.com> From: budsz To: freebsd-security@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: FreeBSD Security Advisory FreeBSD-SA-09:14.devfs X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Oct 2009 11:48:14 -0000 On Sat, Oct 3, 2009 at 3:12 AM, FreeBSD Security Advisories wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > FreeBSD-SA-09:14.devfs =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 =A0Security Advisory > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0The FreeBSD Project > > Topic: =A0 =A0 =A0 =A0 =A0Devfs / VFS NULL pointer race condition > > Category: =A0 =A0 =A0 core > Module: =A0 =A0 =A0 =A0 kern > Announced: =A0 =A0 =A02009-10-02 > Credits: =A0 =A0 =A0 =A0Przemyslaw Frasunek > Affects: =A0 =A0 =A0 =A0FreeBSD 6.x and 7.x > Corrected: =A0 =A0 =A02009-05-18 10:41:59 UTC (RELENG_7, 7.2-STABLE) > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A02009-10-02 18:09:56 UTC (RELENG_7_2, 7.2-R= ELEASE-p4) > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A02009-10-02 18:09:56 UTC (RELENG_7_1, 7.1-R= ELEASE-p8) > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A02009-10-02 18:09:56 UTC (RELENG_6, 6.4-STA= BLE) > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A02009-10-02 18:09:56 UTC (RELENG_6_4, 6.4-R= ELEASE-p7) > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A02009-10-02 18:09:56 UTC (RELENG_6_3, 6.3-R= ELEASE-p13) > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit . > > I. =A0 Background > > The device file system (devfs) provides access to system devices, such as > storage devices and serial ports, via the file system namespace. > > VFS is the Virtual File System, which abstracts file system operations in > the kernel from the actual underlying file system. > > II. =A0Problem Description > > Due to the interaction between devfs and VFS, a race condition exists > where the kernel might dereference a NULL pointer. > > III. Impact > > Successful exploitation of the race condition can lead to local kernel > privilege escalation, kernel data corruption and/or crash. > > To exploit this vulnerability, an attacker must be able to run code with = user > privileges on the target system. > > IV. =A0Workaround > > An errata note, FreeBSD-EN-09:05.null has been released simultaneously to > this advisory, and contains a kernel patch implementing a workaround for = a > more broad class of vulnerabilities. =A0However, prior to those changes, = no > workaround is available. > > V. =A0 Solution > > Perform one of the following: > > 1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the > RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security branch > dated after the correction date. > > 2) To patch your present system: > > The following patches have been verified to apply to FreeBSD 6.3, 6.4, > 7.1, and 7.2 systems. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > [FreeBSD 6.x] > # fetch http://security.FreeBSD.org/patches/SA-09:14/devfs6.patch > # fetch http://security.FreeBSD.org/patches/SA-09:14/devfs6.patch.asc > > [FreeBSD 7.x] > # fetch http://security.FreeBSD.org/patches/SA-09:14/devfs7.patch > # fetch http://security.FreeBSD.org/patches/SA-09:14/devfs7.patch.asc > > b) Apply the patch. > > # cd /usr/src > # patch < /path/to/patch > > c) Recompile your kernel as described in > and reboot the > system. > > VI. =A0Correction details > > The following list contains the revision numbers of each file that was > corrected in FreeBSD. > > CVS: > > Branch =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 Revision > =A0Path > - -----------------------------------------------------------------------= -- > RELENG_6 > =A0src/sys/fs/devfs/devfs_vnops.c =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0= =A0 =A0 =A0 =A0 =A0 1.114.2.17 > RELENG_6_4 > =A0src/UPDATING =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A01.416.2.40.2.11 > =A0src/sys/conf/newvers.sh =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A01.69.2.18.2.13 > =A0src/sys/fs/devfs/devfs_vnops.c =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0= =A0 =A0 =A0 1.114.2.16.2.2 > RELENG_6_3 > =A0src/UPDATING =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A01.416.2.37.2.18 > =A0src/sys/conf/newvers.sh =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A01.69.2.15.2.17 > =A0src/sys/fs/devfs/devfs_vnops.c =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0= =A0 =A0 =A0 1.114.2.15.2.1 > RELENG_7 > =A0src/sys/fs/devfs/devfs_vnops.c =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0= =A0 =A0 =A0 =A0 =A0 =A01.149.2.9 > RELENG_7_2 > =A0src/UPDATING =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 1.507.2.23.2.7 > =A0src/sys/conf/newvers.sh =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 1.72.2.11.2.8 > =A0src/sys/fs/devfs/devfs_vnops.c =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0= =A0 =A0 =A0 =A01.149.2.8.2.2 > RELENG_7_1 > =A0src/UPDATING =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A01.507.2.13.2.11 > =A0src/sys/conf/newvers.sh =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 1.72.2.9.2.12 > =A0src/sys/fs/devfs/devfs_vnops.c =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0= =A0 =A0 =A0 =A01.149.2.4.2.2 > - -----------------------------------------------------------------------= -- > > Subversion: > > Branch/path =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0Revision > - -----------------------------------------------------------------------= -- > stable/6/ =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0= =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 r197715 > releng/6.4/ =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 r197715 > releng/6.3/ =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 r197715 > stable/7/ =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0= =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 r192301 > releng/7.2/ =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 r197715 > releng/7.1/ =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 r197715 > - -----------------------------------------------------------------------= -- > > VII. References > > The latest revision of this advisory is available at > http://security.FreeBSD.org/advisories/FreeBSD-SA-09:14.devfs.asc > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (FreeBSD) > > iD8DBQFKxltlFdaIBMps37IRAp4zAJwJEwIySGqxH4EXwc0wjkDXlcTb1wCfTltO > Syds53GSM0YbsMNUVMGsLaU=3D > =3DexPZ > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.or= g" > Hi folks, I just got some problem when compling my kerne. Here we go: rm -f hack.c MAKE=3Dmake sh /usr/src/sys/conf/newvers.sh WILLSZPROXY cc -c -O -pipe -std=3Dc99 -g -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -fformat-extensions -nostdinc -I. -I/usr/src/sys -I/usr/src/sys/contrib/altq -D_KERNEL -DHAVE_KERNEL_OPTION_HEADERS -include opt_global.h -fno-common -finline-limit=3D8000 --param inline-unit-growth=3D100 --param large-function-growth=3D1000 -mno-align-long-strings -mpreferred-stack-boundary=3D2 -mno-mmx -mno-3dnow -mno-sse -mno-sse2 -mno-sse3 -ffreestanding -Werror vers.c linking kernel.debug kern_fork.o(.text+0x1d18): In function `fork1': /usr/src/sys/kern/kern_fork.c:737: undefined reference to `knote_fork' *** Error code 1 Stop in /usr/obj/usr/src/sys/WILLSZPROXY. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. My box running FreeBSD 7.2-STABLE. Thanks in advance. --=20 budsz