kern/109836: Security patch for rtld, a lack of environment sanitization
Tyop?
tyoptyop at gmail.com
Fri Mar 23 05:26:20 UTC 2007
On 3/4/07, Simon L. Nielsen <simon at freebsd.org> wrote:
> Synopsis: Security patch for rtld, a lack of environment sanitization
>
> Responsible-Changed-From-To: freebsd-bugs->secteam
> Responsible-Changed-By: simon
> Responsible-Changed-When: Sun Mar 4 12:40:30 UTC 2007
> Responsible-Changed-Why:
> Secteam will look at this.
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=109836
>
It isn't a feature to keep this dangerous env. It isn't really critical,
but it needs to be patched.
I don't want to check every port and program to find a setuid binary
doing an execve, but I think someone could do it. And there's a chance
he finds one.
Thanks in advance.
--
Guasconi Vincent
French Student.
http://altmylife.blogspot.com [fr]