Date: Thu, 7 Sep 2000 10:49:26 +0200 From: Neil Blakey-Milner <nbm@mithrandr.moria.org> To: "Vladimir Mencl, MK, susSED" <mencl@nenya.ms.mff.cuni.cz> Cc: Kris Kennaway <kris@FreeBSD.ORG>, Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, freebsd-security@FreeBSD.ORG, security-officer@FreeBSD.ORG Subject: Re: UNIX locale format string vulnerability (fwd) Message-ID: <20000907104925.A37872@mithrandr.moria.org> In-Reply-To: <Pine.GSO.4.10.10009071007410.11627-100000@nenya.ms.mff.cuni.cz>; from mencl@nenya.ms.mff.cuni.cz on Thu, Sep 07, 2000 at 10:12:11AM %2B0200 References: <Pine.BSF.4.21.0009051020390.17724-100000@freefall.freebsd.org> <Pine.GSO.4.10.10009071007410.11627-100000@nenya.ms.mff.cuni.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu 2000-09-07 (10:12), Vladimir Mencl, MK, susSED wrote: > > > Wouldn't a FreeBSD system with Linux compatibility being utilised be > > > vulnerable too? > > > > Yes, but only if you've installed a vulnerable linux binary which is > > setuid or setgid something. We don't install any set[ug]id binaries in the > > linux_base or linux_devtools ports. > > > > Kris > > However, I think that FreeBSD is vulnerable with the sudo port > installed. > > Although sudo discards some dangerous environment variables (LD_LIBRARY_PATH) > it does pass the LC_ALL, PATH_LOCALE variables through. > > Therefore, I belive, that any user allowed to use sudo to execute a > program with elevated privileges, can potentially exploit this > vulnerability. > > So, at least a port security advisory should be issued, and possibly the > sudo port patched to discard locale-specific environment variables. Why would someone install the sudo RedHat package on FreeBSD? Neil -- Neil Blakey-Milner Sunesi Clinical Systems nbm@mithrandr.moria.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000907104925.A37872>