ports/148911: maintainer update: mark security/isolate forbidden due to security issue
Steve Wills
steve at mouf.net
Sat Jul 24 19:50:09 UTC 2010
>Number: 148911
>Category: ports
>Synopsis: maintainer update: mark security/isolate forbidden due to security issue
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Sat Jul 24 19:50:08 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Steve Wills
>Release: 8.1-RC2
>Organization:
>Environment:
>Description:
The security/isolate port currently suffers from local root privileges escalation problems. It should not be used. The attached patch marks it forbidden. Also marks it broken on pre 8.x due to lack of unlinkat (and openat) syscalls, in preparation for when the security issue is fixed.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
diff -ruN security/isolate.orig/Makefile security/isolate/Makefile
--- security/isolate.orig/Makefile 2010-07-24 15:35:34.963084308 -0400
+++ security/isolate/Makefile 2010-07-24 15:38:47.628535561 -0400
@@ -24,8 +24,10 @@
.include <bsd.port.pre.mk>
-.if ${OSVERSION} < 700025
-IGNORE= does not compile (needs gelf.h)
+.if ${OSVERSION} < 800000
+IGNORE= does not compile (needs unlinkat)
.endif
+FORBIDDEN= isolate currently suffers from local root privilege escallation bugs
+
.include <bsd.port.post.mk>
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list