To: Mike Barcroft
Cc: Garrett Wollman, "M. Warner Losh", cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/kern kern_descrip.c kern_exec.c src/sys/sys filedesc.h
In-Reply-To: Your message of "Tue, 23 Apr 2002 10:47:22 EDT." <20020423104722.D72727@espresso.q9media.com>
Date: Tue, 23 Apr 2002 16:51:17 +0200
Message-ID: <84334.1019573477@critter.freebsd.dk>
From: Poul-Henning Kamp

In message <20020423104722.D72727@espresso.q9media.com>, Mike Barcroft writes:
>Doing the base system will be far easier than say changing all
>function declarations from K&R to ANSI C. The 6 line check could
>easily be added to a common libc function, and one line function call
>added to the main() of every set[ug]id program. I'm willing to
>develop a patchset over the weekend.

By all means.

>As far as ports go, every port that relies on the standard file
>descriptors being open and doesn't check for them, is vulnerable to
>this exploit on almost every UNIX-like system including most versions
>of FreeBSD. Security advisories should be released for those ports
>and fixes coordinated with the vendors.

In the meantime the kernel protects users from these.
--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
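The check Mike describes, confirming that descriptors 0, 1 and 2 are open before a set[ug]id program does anything else and attaching /dev/null to any that are closed, written out as an added example. This is illustrative code, not the libc function or the kern_exec.c change discussed in the thread; the function names are my own.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if descriptor fd is open, 0 if it is closed (fcntl fails with EBADF). */
int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFD) != -1 || errno != EBADF;
}

/* Ensure 0, 1 and 2 are open before anything else runs, so that a later
 * open() cannot land on a standard descriptor and have diagnostics or input
 * silently routed to a file the privileged program opened. Returns how many
 * closed descriptors were pointed at /dev/null, or -1 on failure. */
int sanitize_std_fds(void)
{
    int fixed = 0;
    for (int fd = 0; fd <= 2; fd++) {
        if (fd_is_open(fd))
            continue;
        /* Lower descriptors are all open here, so open() yields fd itself;
         * the dup2() path is only a safeguard. */
        int nfd = open("/dev/null", fd == 0 ? O_RDONLY : O_WRONLY);
        if (nfd == -1)
            return -1;
        if (nfd != fd) {
            if (dup2(nfd, fd) == -1)
                return -1;
            close(nfd);
        }
        fixed++;
    }
    return fixed;
}
/* Demo: a child closes stdout/stderr, then repairs them before doing work. */
int main(void)
{
    pid_t pid = fork();
    if (pid == 0) {
        close(1); close(2);
        _exit(sanitize_std_fds() == 2 && fd_is_open(1) && fd_is_open(2) ? 0 : 1);
    }
    int status = 0;
    waitpid(pid, &status, 0);
    printf("child repaired its descriptors: %s\n", WEXITSTATUS(status) == 0 ? "yes" : "no");
    return 0;
}
```

The same call placed at the top of main() in a set[ug]id program is the one-line change the thread refers to; on a system whose kernel already does this at exec time the function simply returns 0.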