Date: Thu, 26 Aug 1999 10:58:45 -0700 (PDT) From: dima@best.net (Dima Ruban) To: imp@village.org (Warner Losh) Cc: dima@best.net, gsutter@pobox.com (Gregory Sutter), security-officer@freebsd.org, freebsd-security@freebsd.org Subject: Re: [secure@FREEBSD.LUBLIN.PL: FreeBSD (and other BSDs?) local root explot] Message-ID: <199908261758.KAA94925@burka.rdy.com> In-Reply-To: <199908261744.LAA66156@harmony.village.org> from Warner Losh at "Aug 26, 1999 11:44:52 am"
next in thread | previous in thread | raw e-mail | index | archive | help
Warner Losh writes: > In message <199908261738.KAA94664@burka.rdy.com> Dima Ruban writes: > : I've just committed a fix. > > Thanks Dima. It was first thing on my list after catching up on my > email. Wanna write the advisory? Or at least give me verfied patch I'm not very good at writing advisories :-) > files? > > Warner > -- dima For -current: *** kern/imgact_elf.c 1999/07/09 19:10:14 1.61 --- kern/imgact_elf.c 1999/08/26 17:32:48 1.62 *************** *** 722,729 **** if (name == NULL) return (EFAULT); /* XXX -- not the best error */ ! NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p); ! error = vn_open(&nd, O_CREAT | FWRITE, S_IRUSR | S_IWUSR); free(name, M_TEMP); if (error) return (error); --- 722,729 ---- if (name == NULL) return (EFAULT); /* XXX -- not the best error */ ! NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p); ! error = vn_open(&nd, O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR); free(name, M_TEMP); if (error) return (error); *** kern/imgact_aout.c 1999/05/17 00:53:36 1.52 --- kern/imgact_aout.c 1999/08/26 17:32:48 1.53 *************** *** 264,271 **** name = expand_name(p->p_comm, p->p_ucred->cr_uid, p->p_pid); if (name == NULL) return (EFAULT); /* XXX -- not the best error */ ! NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p); ! error = vn_open(&nd, O_CREAT | FWRITE, S_IRUSR | S_IWUSR); free(name, M_TEMP); if (error) return (error); --- 264,271 ---- name = expand_name(p->p_comm, p->p_ucred->cr_uid, p->p_pid); if (name == NULL) return (EFAULT); /* XXX -- not the best error */ ! NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p); ! error = vn_open(&nd, O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR); free(name, M_TEMP); if (error) return (error); ----------cut here For 3.x-stable: *** kern/imgact_elf.c 1999/07/15 13:01:54 1.44.2.4 --- kern/imgact_elf.c 1999/08/26 17:35:03 1.44.2.5 *************** *** 699,706 **** if (name == NULL) return (EFAULT); /* XXX -- not the best error */ ! NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p); ! error = vn_open(&nd, O_CREAT | FWRITE, S_IRUSR | S_IWUSR); free(name, M_TEMP); if (error) return (error); --- 699,706 ---- if (name == NULL) return (EFAULT); /* XXX -- not the best error */ ! NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p); ! error = vn_open(&nd, O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR); free(name, M_TEMP); if (error) return (error); *** kern/imgact_aout.c 1999/04/14 04:55:22 1.44.2.1 --- kern/imgact_aout.c 1999/08/26 17:35:02 1.44.2.2 *************** *** 259,266 **** name = expand_name(p->p_comm, p->p_ucred->cr_uid, p->p_pid); if (name == NULL) return (EFAULT); /* XXX -- not the best error */ ! NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p); ! error = vn_open(&nd, O_CREAT | FWRITE, S_IRUSR | S_IWUSR); free(name, M_TEMP); if (error) return (error); --- 259,266 ---- name = expand_name(p->p_comm, p->p_ucred->cr_uid, p->p_pid); if (name == NULL) return (EFAULT); /* XXX -- not the best error */ ! NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p); ! error = vn_open(&nd, O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR); free(name, M_TEMP); if (error) return (error); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199908261758.KAA94925>