Current-Users archive


Re: HEADS-UP: temporary security problem in today's NetBSD-current



On 14.11.10 23:20, Matthias Scheler wrote:
> 
>       Hello,
> 
> I'm afraid that I temporarily introduced a security problem in
> NetBSD-current today. If you have built either "libc" or "ld.elf_so"
> today between these two commits ...
> 
> http://mail-index.netbsd.org/source-changes/2010/11/14/msg014495.html
> http://mail-index.netbsd.org/source-changes/2010/11/14/msg014487.html
> 
> ... your system is vulnerable to execution of setuid binaries
> with "LD_LIBRARY_PATH" set.
> 
> The fix is to update "src/lib/libc", rebuild in that directory,
> install the new library and then rebuild and install in
> "src/libexec/ld.elf_so". Running "build.sh" and installing the
> resulting binaries will of course fix the problem as well.
> 
> I'm sorry for the problem but I wasn't expecting that internal
> "libc" functions get used outside of "libc".
> 
>       Kind regards
> 

now you owe us beers... ;)


