From: Xin LI Date: Fri, 21 Jun 2013 21:41:49 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r41998 - head/share/security/advisories X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Jun 2013 21:41:49 -0000 Author: delphij Date: Fri Jun 21 21:41:48 2013 New Revision: 41998 URL: http://svnweb.freebsd.org/changeset/doc/41998 Log: Commit revised advisory for 13:06.mmap. Modified: head/share/security/advisories/FreeBSD-SA-13:06.mmap.asc Modified: head/share/security/advisories/FreeBSD-SA-13:06.mmap.asc ============================================================================== --- head/share/security/advisories/FreeBSD-SA-13:06.mmap.asc Fri Jun 21 17:57:26 2013 (r41997) +++ head/share/security/advisories/FreeBSD-SA-13:06.mmap.asc Fri Jun 21 21:41:48 2013 (r41998) @@ -13,14 +13,20 @@ Announced: 2013-06-18 Credits: Konstantin Belousov Alan Cox Affects: FreeBSD 9.0 and later -Corrected: 2013-06-18 09:04:19 UTC (stable/9, 9.1-STABLE) - 2013-06-18 09:05:51 UTC (releng/9.1, 9.1-RELEASE-p4) +Corrected: 2013-06-18 07:04:19 UTC (stable/9, 9.1-STABLE) + 2013-06-18 07:05:51 UTC (releng/9.1, 9.1-RELEASE-p4) CVE Name: CVE-2013-2171 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . +0. Revision History + +v1.0 2013-06-18 Initial release. +v1.1 2013-06-21 Corrected correction date. + Added workaround information. + I. Background The FreeBSD virtual memory system allows files to be memory-mapped. 
@@ -51,7 +57,23 @@ arbitrary code with user privileges on t IV. Workaround -No workaround is available. +Systems that do not allow unprivileged users to use the ptrace(2) +system call are not vulnerable, this can be accomplished by setting +the sysctl variable security.bsd.unprivileged_proc_debug to zero. +Please note that this will also prevent debugging tools, for instance +gdb, truss, procstat, as well as some built-in debugging facilities in +certain scripting language like PHP, etc., from working for unprivileged +users. + +The following command will set the sysctl accordingly and works until the +next reboot of the system: + + sysctl security.bsd.unprivileged_proc_debug=0 + +To make this change persistent across reboot, the system administrator +should also add the setting into /etc/sysctl.conf: + + echo 'security.bsd.unprivileged_proc_debug=0' >> /etc/sysctl.conf V. Solution @@ -112,16 +134,13 @@ Or visit the following URL, replacing XX VII. References - - The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.13 (FreeBSD) -iEYEARECAAYFAlHAB+YACgkQFdaIBMps37IjFACdFSoiYO1YkcPunLh7Zw4TC6MF -X9MAnjjVWB2uEl60Rl3K4WOuJ71AVNlP -=8309 +iEYEARECAAYFAlHExy0ACgkQFdaIBMps37L8PwCdGXatzPm7OWjZu+GmbbXQC16/ +8sgAoJ0LEmREO8Mp7f4YcLHAEwgnJtjT +=WRZD -----END PGP SIGNATURE-----
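Review bot: In the first hunk (@@ -13,14 +13,20 @@), the new v1.1 revision-history entry says "Corrected correction date", but the Corrected: lines keep the date 2013-06-18 and change only the time, from 09:04:19 and 09:05:51 UTC to 07:04:19 and 07:05:51 UTC. "Corrected correction time" would describe the change accurately. The new section is also numbered "0." while the sections around it use Roman numerals (I., IV., V., VII.), so an unnumbered heading may fit the existing scheme better.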
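Review bot: In the Workaround hunk (@@ -51,7 +57,23 @@), the first added sentence is a comma splice and "this" has no clear antecedent: "...are not vulnerable, this can be accomplished by setting...". Suggest two sentences, for example "...are not vulnerable. Unprivileged use of ptrace(2) can be disabled by setting the sysctl variable security.bsd.unprivileged_proc_debug to zero." In the same paragraph, "certain scripting language like PHP" should read "languages". The echo line appends to /etc/sysctl.conf unconditionally, so it is worth telling the administrator to check for an existing security.bsd.unprivileged_proc_debug entry first, since a repeated or conflicting line would otherwise be left in the file.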