Date:      Tue, 23 Apr 2002 16:51:17 +0200
From:      Poul-Henning Kamp <phk@critter.freebsd.dk>
To:        Mike Barcroft <mike@FreeBSD.org>
Cc:        Garrett Wollman <wollman@lcs.mit.edu>, "M. Warner Losh" <imp@village.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sys/kern kern_descrip.c kern_exec.c src/sys/sys filedesc.h 
Message-ID:  <84334.1019573477@critter.freebsd.dk>
In-Reply-To: Your message of "Tue, 23 Apr 2002 10:47:22 EDT." <20020423104722.D72727@espresso.q9media.com> 

In message <20020423104722.D72727@espresso.q9media.com>, Mike Barcroft writes:

>Doing the base system will be far easier than say changing all
>function declarations from K&R to ANSI C.  The 6 line check could
>easily be added to a common libc function, and one line function call
>added to the main() of every set[ug]id program.  I'm willing to
>develop a patchset over the weekend.

By all means.

>As far as ports go, every port that relies on the standard file
>descriptors being open and doesn't check for them, is vulnerable to
>this exploit on almost every UNIX-like system including most versions
>of FreeBSD.  Security advisories should be released for those ports
>and fixes coordinated with the vendors.

In the meantime the kernel protects users from these.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
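
An added example, not part of the original message or of FreeBSD's source: one way the per-program check on the standard file descriptors discussed above could look in C. The function name `fill_std_fds` and the choice to attach `/dev/null` to a closed descriptor (rather than exit) are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/*
 * Make sure descriptors 0, 1 and 2 are open before the program opens
 * anything else.  open() always returns the lowest free descriptor, so
 * if one of them is closed at startup, a file opened later would take
 * its place and receive whatever is written to stdout or stderr.
 *
 * Returns the number of descriptors that were closed and have been
 * pointed at /dev/null, or -1 if the state could not be made safe.
 */
int
fill_std_fds(void)
{
	int fd, nfd, filled = 0;

	for (fd = STDIN_FILENO; fd <= STDERR_FILENO; fd++) {
		if (fcntl(fd, F_GETFD) != -1)
			continue;		/* already open */
		if (errno != EBADF)
			return (-1);		/* unexpected failure */
		nfd = open("/dev/null", O_RDWR);
		if (nfd == -1)
			return (-1);
		if (nfd != fd) {
			/* Lower descriptors are open, so this should not happen. */
			close(nfd);
			return (-1);
		}
		filled++;
	}
	return (filled);
}

int
main(void)
{
	/* First statement of a set[ug]id program, before any other open(). */
	if (fill_std_fds() == -1)
		_exit(1);	/* stderr may be the closed one: exit silently */

	/* ... the program's privileged work would start here ... */
	return (0);
}
```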
