Hello,
I'm afraid that I temporarily introduced a security problem in
NetBSD-current today. If you have built either "libc" or "ld.elf_so"
today between these two commits ...
http://mail-index.netbsd.org/source-changes/2010/11/14/msg014495.html
http://mail-index.netbsd.org/source-changes/2010/11/14/msg014487.html
... your system is vulnerable to execution of setuid binaries
with "LD_LIBRARY_PATH" set.
The fix is to update "src/lib/libc", rebuild in that directory,
install the new library and then rebuild and install in
"src/libexec/ld.elf_so". Running "build.sh" and installing the
resulting binaries will of course fix the problem as well.
I'm sorry for the problem but I wasn't expecting that internal
"libc" functions get used outside of "libc".
Kind regards
--
Matthias Scheler http://zhadum.org.uk/
Attachment:
pgpxpw52OcpN1.pgp
Description: PGP signature