Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio

From: Theo de Raadt (deraadtat_private)
Date: Mon Apr 22 2002 - 12:23:51 PDT

    > Topic:          insecure handling of stdio file descriptors
    
    They didn't say so, but this work was obviously based on:
    
    RCS file: /cvs/src/sys/kern/kern_exec.c,v
    ...
    revision 1.20
    date: 1998/07/02 08:53:04;  author: deraadt;  state: Exp;  lines: +38 -1
    for sugid procs ensure that fd 0-2 are allocated slots (by pointing at
    /dev/null -- future patch will use a dead vnode of some sort) to prevent
    reuse (ie. new allocations) of these fd which libc makes many assumptions
    about; problem noted by James Youngman
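
The quoted commit message describes the kernel pointing any unallocated fd 0-2 at /dev/null for set-user-ID/set-group-ID processes. A userland counterpart that a privileged program can run at startup is sketched here as an added example; it is not part of the original message or of the kernel change it quotes, and `fd_is_open` and `ensure_std_fds` are hypothetical names.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if fd refers to an open file, 0 if it is a free slot. */
static int fd_is_open(int fd)
{
    struct stat st;
    return !(fstat(fd, &st) == -1 && errno == EBADF);
}

/*
 * Make sure descriptors 0, 1 and 2 are allocated. Any free slot is pointed
 * at /dev/null so that a later open() cannot be handed fd 0-2, which stdio
 * would then write to as if it were stdin/stdout/stderr.
 * Returns the number of slots filled, or -1 on failure.
 * (Hypothetical helper, not an OS or libc API.)
 */
int ensure_std_fds(void)
{
    int filled = 0;

    for (int fd = 0; fd <= 2; fd++) {
        if (fd_is_open(fd))
            continue;
        /* open() returns the lowest free descriptor; every lower slot is
         * already allocated here, so the result must be fd itself. */
        int nfd = open("/dev/null", O_RDWR);
        if (nfd == -1)
            return -1;
        if (nfd != fd) {        /* unexpected, e.g. another thread raced us */
            close(nfd);
            return -1;
        }
        filled++;
    }
    return filled;
}

int main(void)
{
    /* Call before any other file is opened and before privileged work. */
    if (ensure_std_fds() == -1)
        return 1;               /* refuse to continue with a free stdio slot */
    return 0;
}
```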
    


