Date: Tue, 1 Dec 2009 10:52:33 +0300
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To: freebsd-security@freebsd.org
Cc: FreeBSD Security Advisories <security-advisories@freebsd.org>
Subject: Re: Upcoming FreeBSD Security Advisory
Message-ID: <ov3Jq1IJ/c8KAXGQ501G8Os9xr8@Ll2tHa60cb%2BhiG8R4R8/VS21128>
In-Reply-To: <200912010120.nB11Kjm9087476@freefall.freebsd.org>
References: <200912010120.nB11Kjm9087476@freefall.freebsd.org>
Colin, *, good day.

Tue, Dec 01, 2009 at 01:20:45AM +0000, FreeBSD Security Officer wrote:
> A short time ago a "local root" exploit was posted to the full-disclosure
> mailing list; as the name suggests, this allows a local user to execute
> arbitrary code as root.
>
> [...]
>
> The patch is at
>   http://people.freebsd.org/~cperciva/rtld.patch
> and has SHA256 hash
>   ffcba0c20335dd83e9ac0d0e920faf5b4aedf366ee5a41f548b95027e3b770c1

Just to ease others' lives: for 7.1 (and 7.0, but it seems to be at EoL
now, so there is already no support for it), one should use another
patch:
-----
http://codelabs.ru/fbsd/patches/vulns/freebsd-7.0-rtld-unsetenv.diff
SHA256 (freebsd-7.0-rtld-unsetenv.diff) = e5ebbea24073bf644d3bc0c1ba37674a387af656b4c7e583a564a83598930897
SHA1 (freebsd-7.0-rtld-unsetenv.diff) = 24a79be52be0ea00ed0ea279f25efbf597f9c850
-----

Actually, every system that has rtld.c with r190323 or lower should use
this variant -- clearing of LD_ELF_HINTS_PATH was introduced only in
r190324.

By the way, if people are using NO_DYNAMIC_ROOT and all setuid
executables come from the system itself (no sudo and other stuff from
ports or manual installations), such a system is obviously safe from this
issue -- no dynamic loading takes place. I don't mean that people with
such systems shouldn't upgrade, but they probably can do it with the
least urgency.

Thanks for posting the patch!
-- 
Eygene
# Remember that it is hard to read the on-line manual
# while single-stepping the kernel.
#   -- FreeBSD Developers handbook
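The following is an added example, not part of the message above and not FreeBSD project code: a shell sketch that picks the patch variant for a given rtld.c and refuses a downloaded patch whose SHA256 differs from the value published in the thread. The function names are hypothetical, and the check for the string ELF_HINTS_PATH in rtld.c is an assumed stand-in for "r190324 or later".

```shell
#!/bin/sh
# Added example: choose and verify the rtld patch named in the thread.

# SHA256 values exactly as published in the two messages.
HASH_MAIN=ffcba0c20335dd83e9ac0d0e920faf5b4aedf366ee5a41f548b95027e3b770c1
HASH_OLD=e5ebbea24073bf644d3bc0c1ba37674a387af656b4c7e583a564a83598930897

# Print the SHA256 of a file: FreeBSD ships sha256(1), other systems sha256sum.
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | awk '{print $1}'
    fi
}

# pick_variant <path to rtld.c>: print the patch file name to use.
# Assumption: a tree that mentions ELF_HINTS_PATH is at r190324 or later;
# anything older needs the 7.0/7.1 variant, as the message states.
pick_variant() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    if grep -q 'ELF_HINTS_PATH' "$1"; then
        echo rtld.patch
    else
        echo freebsd-7.0-rtld-unsetenv.diff
    fi
}

# verify_patch <variant> <file>: succeed only when the file's SHA256
# equals the hash published for that variant.
verify_patch() {
    case "$1" in
        rtld.patch) want=$HASH_MAIN ;;
        freebsd-7.0-rtld-unsetenv.diff) want=$HASH_OLD ;;
        *) echo "unknown variant: $1" >&2; return 2 ;;
    esac
    got=$(file_sha256 "$2") || return 2
    [ "$got" = "$want" ] && return 0
    echo "SHA256 mismatch for $2: got $got, want $want" >&2
    return 1
}
```

A typical run is `v=$(pick_variant /usr/src/libexec/rtld-elf/rtld.c) && verify_patch "$v" "./$v"`, applying the patch only when the second command succeeds.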