FreeBSD Security Advisory FreeBSD-SA-09:16.rtld

Jamie Landeg Jones jamie at bishopston.net
Thu Dec 3 18:37:20 UTC 2009


> The discussion you mention presumably involves checking out the patched version of rtld sources from 7.x or 8 and building+installing that under 6.x.  Given that 6.x rtld is the older one with a longer history of security review and doesn't have the current known vulnerability, whereas the new version just got patched and might have other issues lurking, I am happy sticking with 6.x version on my 6.x boxes.

Ahhhh, I see. I was looking at the source of rtld.c to check when the change was made that allowed this vulnerability to exist, and that change was from 6.3 onwards.

But it seems it's the changes to getenv/unsetenv from 7.0 onwards that cause this to be an exploitable issue.

However, I'd still apply the patch in case some other way to exploit the non-checking of the unsetenv return status crops up elsewhere.

It can't do any harm.
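
Added example, not part of the original message and not FreeBSD's rtld code: one way a privileged program can treat a failed unsetenv() as fatal instead of ignoring its return status. The helper name `scrub_env` and the `DEMO_*` variable names are assumptions made up for illustration.

```c
#define _POSIX_C_SOURCE 200112L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from rtld): remove each named variable from the
 * environment and fail closed. Returns 0 only if every unsetenv() call
 * succeeded AND the variable is really gone afterwards; -1 otherwise. */
int scrub_env(const char *const names[], size_t count)
{
    for (size_t i = 0; i < count; i++) {
        /* The return status is the whole point: never assume success. */
        if (unsetenv(names[i]) != 0) {
            fprintf(stderr, "unsetenv(%s): %s\n", names[i], strerror(errno));
            return -1;
        }
        /* Second check: the variable must no longer be visible. */
        if (getenv(names[i]) != NULL) {
            fprintf(stderr, "%s still set after unsetenv\n", names[i]);
            return -1;
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed sample input: stand-ins for variables that must not
     * reach privileged code. */
    static const char *const unsafe[] = { "DEMO_UNSAFE_A", "DEMO_UNSAFE_B" };

    setenv("DEMO_UNSAFE_A", "constructed-value", 1);

    if (scrub_env(unsafe, sizeof unsafe / sizeof unsafe[0]) != 0) {
        /* Refuse to continue with an environment we could not clean. */
        fprintf(stderr, "environment scrub failed, exiting\n");
        return EXIT_FAILURE;
    }
    puts("environment scrubbed");
    return EXIT_SUCCESS;
}
```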


