FreeBSD Security Advisory FreeBSD-SA-09:16.rtld
Timo Schoeler
timo.schoeler at riscworks.net
Thu Dec 3 15:24:21 UTC 2009
thus Jamie Landeg Jones spake:
>> Sorry, this might seem a stupid question, but...
>> In several places I read that FreeBSD 6.x is NOT affected; however, I
>> heard some people discussing how to apply the patch to such systems.
>> So, I'd like to know for sure: is 6.x affected? Is another patch on the
>> way for it?
>>
>> bye & Thanks
>> av.
<snip>
So, what would be 'best of practice' to apply the patch to 6.3-RELEASE
upwards -- is the FreeBSD-7 patch applicable or should one wait for an
official announcement?
Best,
Timo
> The change that introduced the bug was made as follows:
>
> | Revision 1.124: download - view: text, markup, annotated - select for diffs
> | Thu May 17 18:00:27 2007 UTC (2 years, 6 months ago) by csjp
> | Branches: MAIN
> | CVS tags: RELENG_7_BP, RELENG_7_0_BP, RELENG_7_0_0_RELEASE, RELENG_7_0
> | Branch point for: RELENG_7
> | Diff to: previous 1.123: preferred, colored
> | Changes since revision 1.123: +20 -10 lines
> |
> | In the event a process is tainted (setuid/setgid binaries), un-set any
> | potentially dangerous environment variables altogether. It should be
> | noted that the run-time linker will not honor these environment variables
> | if the process is tainted currently. However, once a child of the tainted
> | process calls setuid(2), its status as being tainted (as defined by
> | issetugid(2)) will be removed. This could be problematic because
> | subsequent activations of the run-time linker could honor these
> | dangerous variables.
> |
> | This is more of an anti foot-shot mechanism, there is nothing I am
> | aware of in base that does this, however there may be third party
> | utilities which do, and there is no real negative impact of clearing
> | these environment variables.
> |
> | Discussed on: secteam
> | Reviewed by: cperciva
> | PR: kern/109836
> | MFC after: 2 weeks
>
> This was also MFC'd into 6.3 onwards:
>
> | Revision 1.106.2.7: download - view: text, markup, annotated - select for diffs
> | Sat Jul 14 19:04:00 2007 UTC (2 years, 4 months ago) by csjp
> | Branches: RELENG_6
> | CVS tags: RELENG_6_4_BP, RELENG_6_3_BP, RELENG_6_3_0_RELEASE, RELENG_6_3
> | Branch point for: RELENG_6_4
> | Diff to: previous 1.106.2.6: preferred, colored; branchpoint 1.106: preferred, colored; next MAIN 1.107: preferred, colored
> | Changes since revision 1.106.2.6: +20 -10 lines
> |
> | MFC rtld.c revision 1.124
> |
> | Unset potentially harmful environment variables.
> |
> | Discussed on: secteam
> | PR: kern/109836
>
>
> So, yes, FreeBSD 6.3-RELEASE upwards are affected - FreeBSD 6.2 isn't.
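The quoted commit message describes removing dangerous variables from a tainted process so that a child which later loses its tainted status cannot have them honored. The following is an added example, not code from this thread or from FreeBSD's rtld: a privileged program scrubbing its own environment before starting a child, refusing to continue if any removal fails. The function names, the `LD_` prefix as the set of variables to drop, and the `tainted` flag (standing in for what issetugid(2) reports) are assumptions.

```c
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* Hypothetical helper: remove every variable whose name begins with
 * `prefix`. Returns the number removed, or -1 on any failure. */
int scrub_env_prefix(const char *prefix)
{
    size_t plen = strlen(prefix), nlen;
    int removed = 0;

    for (;;) {
        char name[256];
        char **e = environ;
        const char *eq;
        /* Rescan from the start: unsetenv() compacts environ in place. */
        while (e != NULL && *e != NULL && strncmp(*e, prefix, plen) != 0)
            e++;
        if (e == NULL || *e == NULL)
            return removed;        /* nothing left that matches */
        eq = strchr(*e, '=');
        if (eq == NULL)
            return -1;             /* malformed entry: cannot unset by name */
        nlen = (size_t)(eq - *e);
        if (nlen >= sizeof(name))
            return -1;             /* name does not fit the buffer */
        memcpy(name, *e, nlen);
        name[nlen] = '\0';
        if (unsetenv(name) != 0)
            return -1;             /* never carry on with the variable set */
        removed++;
    }
}

/* `tainted` stands in for the result of issetugid(2) (assumption).
 * Returns 0 when it is safe to start a child, -1 otherwise. */
int prepare_child_env(int tainted)
{
    if (!tainted)
        return 0;
    return scrub_env_prefix("LD_") < 0 ? -1 : 0;
}

int main(void)
{
    setenv("LD_PRELOAD", "/constructed/example.so", 1); /* constructed sample */
    return prepare_child_env(1) == 0 && getenv("LD_PRELOAD") == NULL ? 0 : 1;
}
```

A caller should treat a -1 return as fatal and not start the child at all.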