Re: FreeBSD (and other BSDs?) local root exploit

From: Todd C. Miller (Todd.Millerat_private)
Date: Fri Aug 27 1999 - 08:34:11 PDT


    This looks like the BSD libc fts.c bug discussed here in May.
    OpenBSD is not vulnerable to this since it does not follow symlinks
    when dumping core.  Also, I committed a fix in OpenBSD to the fts.c
    bug (based on the bugtraq posting) shortly after it was found.
    As a result find did not get a SEGV on OpenBSD-current (and if it
    had find.core would not have followed the link anyway).
    
    I have passed along the fts.c patch to the NetBSD folks and I know
    that one of the FreeBSD guys was recently working on incorporating
    changes from the OpenBSD fts.c.  I don't see the relevant change in
    FreeBSD-current though.
    
    From discussions on the NetBSD security list it looks like NetBSD
    is going to disallow core dumps through a symlink--I would encourage
    FreeBSD to do the same.
    
     - todd
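
A userland sketch of the mitigation the message recommends, refusing to write a dump through a symlink. This is an added example, not code from the post or from any BSD kernel; `open_dump_nofollow` and `demo_symlink_refused` are hypothetical names, and the `find.core` symlink and its target are constructed in a private temporary directory.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open a dump file without following a symlink at the
 * final path component, and only truncate it once it is known to be safe. */
int open_dump_nofollow(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;                      /* symlink (or other error): refuse */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        st.st_uid != geteuid() || ftruncate(fd, 0) != 0) {
        close(fd);                      /* not a plain file we own: refuse */
        return -1;
    }
    return fd;
}

/* Constructed scenario: find.core is a symlink to another file. Returns 1 if
 * the symlink is refused, the target is untouched, and a plain path works. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/coredemoXXXXXX";
    char victim[64], core[64], buf[16] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(core, sizeof core, "%s/find.core", dir);
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "original", 8) != 8) return -1;
    close(fd);
    if (symlink(victim, core) != 0) return -1;
    int refused = open_dump_nofollow(core) < 0;
    fd = open(victim, O_RDONLY);
    int intact = fd >= 0 && read(fd, buf, 8) == 8 && strcmp(buf, "original") == 0;
    if (fd >= 0) close(fd);
    unlink(core);                       /* remove the symlink itself */
    int plain = open_dump_nofollow(core);   /* no symlink now: allowed */
    if (plain >= 0) close(plain);
    unlink(core); unlink(victim); rmdir(dir);
    return refused && intact && plain >= 0;
}

int main(void) { return demo_symlink_refused() == 1 ? 0 : 1; }
```

The `fstat` checks on the opened descriptor also reject hard links and non-regular files, which `O_NOFOLLOW` alone does not cover.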
    