kern/109836: Security patch for rtld, a lack of environment sanitization
tyoptyop at gmail.com
Fri Mar 23 05:26:20 UTC 2007
On 3/4/07, Simon L. Nielsen <simon at freebsd.org> wrote:
> Synopsis: Security patch for rtld, a lack of environment sanitization
> Responsible-Changed-From-To: freebsd-bugs->secteam
> Responsible-Changed-By: simon
> Responsible-Changed-When: Sun Mar 4 12:40:30 UTC 2007
> Secteam will look at this.
It isn't a feature to keep this dangerous env. It isn't really critical,
but it needs to be patched.
I don't want to check every port and program to find a setuid binary
doing an execve, but I think someone could do it. And there's a chance
he finds one.
Thanks in advance.