Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

HEADS-UP: temporary security problem in today's NetBSD-current


I'm afraid that I temporarily introduced a security problem in
NetBSD-current today. If you have built either "libc" or "ld.elf_so"
today between these two commits ...

... your system is vulnerable to execution of setuid binaries
with "LD_LIBRARY_PATH" set.

The fix is to update "src/lib/libc", rebuild in that directory,
install the new library and then rebuild and install in
"src/libexec/ld.elf_so". Running "" and installing the
resulting binaries will of course fix the problem as well.

I'm sorry for the problem but I wasn't expecting that internal
"libc" functions get used outside of "libc".

        Kind regards

Matthias Scheler                        

Attachment: pgpxpw52OcpN1.pgp
Description: PGP signature

Home | Main Index | Thread Index | Old Index