Date: Fri, 23 Mar 2007 05:58:31 +0100
From: "Tyop?" <tyoptyop@gmail.com>
To: freebsd-bugs@freebsd.org, secteam@freebsd.org
Subject: Re: kern/109836: Security patch for rtld, a lack of environment sanitization
Message-ID: <985b1a3d0703222158l39dea342u5b836916fd180be@mail.gmail.com>
In-Reply-To: <200703041240.l24CeqEl043970@freefall.freebsd.org>
References: <200703041240.l24CeqEl043970@freefall.freebsd.org>

On 3/4/07, Simon L. Nielsen <simon@freebsd.org> wrote:
> Synopsis: Security patch for rtld, a lack of environment sanitization
>
> Responsible-Changed-From-To: freebsd-bugs->secteam
> Responsible-Changed-By: simon
> Responsible-Changed-When: Sun Mar 4 12:40:30 UTC 2007
> Responsible-Changed-Why:
> Secteam will look at this.
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=109836
>

It isn't a feature to keep this dangerous env.
It isn't really critical, but it needs to be patched.
I don't want to check every port and program to find a setuid binary
doing an execve, but I think someone could do it.
And there's a chance he finds one.

Thanks in advance.

--
Guasconi Vincent
French Student.
http://altmylife.blogspot.com [fr]