FreeBSD Security Advisory FreeBSD-SA-09:16.rtld

Jamie Landeg Jones jamie at bishopston.net
Thu Dec 3 18:29:16 UTC 2009


> So, what would be 'best of practice' to apply the patch to 6.3-RELEASE 
> upwards -- is the FreeBSD-7 patch applicable or should one wait for an 
> official announcement?

I just noticed that the patch I replied with is basically the same as the
FreeBSD-7 patch that was posted.

However, as has already been discussed, 6.X isn't exploitable by the posted
bug, because the changes to the env functions that allow the exploit to work
didn't happen until 7.X.

However, I would certainly apply the patch anyway - basically, the old way
was just blindly unsetting environment variables and blindly assuming the
unsetting worked.

The new way does exactly the same unsetting, but if any of the unsets fails
(due to corrupt environment) it aborts.

Just in case there is some other way of exploiting the fact that rtld.c didn't
check whether unsetenv was successful (which I bet people are now looking for)
I'd apply the patch to 6.3 and 6.4 also, just to be sure.

Cheers,
Jamie
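
The two approaches contrasted in the message above, as an added example that is not part of the original post and is not code from rtld.c. The function names and the variable list are hypothetical, and a name containing '=' (which POSIX requires unsetenv() to reject) is used as a portable stand-in for an unset that fails.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L /* setenv/unsetenv under strict -std= modes */
#endif
#include <stdio.h>
#include <stdlib.h>

/* Sample names for this example only; not a list copied from rtld.c. */
const char *const unsafe_vars[] = { "LD_PRELOAD", "LD_LIBRARY_PATH", "LD_DEBUG" };
#define N_UNSAFE (sizeof(unsafe_vars) / sizeof(unsafe_vars[0]))

/* "Old way": unset each variable and assume it worked. Always returns 0. */
int scrub_unchecked(const char *const *names, size_t n)
{
    for (size_t i = 0; i < n; i++)
        (void)unsetenv(names[i]);      /* failure is silently dropped */
    return 0;
}

/* "New way": the same unsets, but any failure is reported to the caller.
 * As an extra check, confirm with getenv() that the variable is gone.
 * Returns 0 if every variable was removed, -1 otherwise. */
int scrub_checked(const char *const *names, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (unsetenv(names[i]) != 0)
            return -1;                 /* libc could not process the request */
        if (getenv(names[i]) != NULL)
            return -1;                 /* still visible after the unset */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample value. */
    setenv("LD_PRELOAD", "/tmp/constructed-example.so", 1);

    /* A privileged caller must stop rather than continue with an
     * environment it could not clean. */
    if (scrub_checked(unsafe_vars, N_UNSAFE) != 0) {
        fprintf(stderr, "environment corrupt; aborting\n");
        abort();
    }
    puts("environment scrubbed");
    return 0;
}
```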


