[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: HEADS-UP: temporary security problem in today's NetBSD-current
Am 14.11.10 23:20, schrieb Matthias Scheler:
> I'm afraid that I temporarily introduced a security problem in
> NetBSD-current today. If you have built either "libc" or "ld.elf_so"
> today between these two commits ...
> ... your system is vulnerable to execution of setuid binaries
> with "LD_LIBRARY_PATH" set.
> The fix is to update "src/lib/libc", rebuild in that directory,
> install the new library and then rebuild and install in
> "src/libexec/ld.elf_so". Running "build.sh" and installing the
> resulting binaries will of course fix the problem as well.
> I'm sorry for the problem but I wasn't expecting that internal
> "libc" functions get used outside of "libc".
> Kind regards
now you owe us beers... ;)
Main Index |
Thread Index |