Date: Sun, 25 Dec 2011 21:27:35 -0800 From: Xin Li <delphij@delphij.net> To: Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au> Cc: freebsd-security@freebsd.org, d@delphij.net Subject: Re: FreeBSD Security Advisory FreeBSD-SA-11:07.chroot - gcc 4.2.2+ Message-ID: <4EF805C7.1020909@delphij.net> In-Reply-To: <14084D15E2C949D5ACD68E678F704286@white> References: <201112231536.pBNFadWk078864@freefall.freebsd.org> <14084D15E2C949D5ACD68E678F704286@white>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/23/11 17:54, Dewayne Geraghty wrote: > Do the changes to libc imply that community members that install > and build their system using gcc 4.2.2+ will remain vulnerable? If > so, should the /usr/src/UPDATING reflect this ongoing exposure? > > (I note that 8.2S uses gcc version 4.2.2 20070831 prerelease > [FreeBSD] 9.0S has gcc 4.2.1) This have nothing to do with gcc as far as I can tell. It does require changes to your individual applications if they do chroot into untrusted environment. Cheers, - -- Xin LI <delphij@delphij.net> https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk74BccACgkQOfuToMruuMCslACfXhGAxgpMlYwsPS/01JXoHqED o/UAnAyoYtv3vlRBo0szGptyh+qYaeEQ =cJ1L -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4EF805C7.1020909>