From owner-freebsd-security Mon Jan 28 3:50:31 2002 Delivered-To: freebsd-security@freebsd.org Received: from breg.mc.mpls.visi.com (breg.mc.mpls.visi.com [208.42.156.101]) by hub.freebsd.org (Postfix) with ESMTP id 2718137B400 for ; Mon, 28 Jan 2002 03:50:27 -0800 (PST) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by breg.mc.mpls.visi.com (Postfix) with ESMTP id 190AE2D0761; Mon, 28 Jan 2002 05:50:26 -0600 (CST) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.1/8.11.1) id g0SBoEc06476; Mon, 28 Jan 2002 05:50:14 -0600 (CST) (envelope-from hawkeyd) Date: Mon, 28 Jan 2002 05:50:14 -0600 (CST) Message-Id: <200201281150.g0SBoEc06476@sheol.localdomain> Mime-Version: 1.0 X-Newsreader: knews 0.9.8a Reply-To: hawkeyd@visi.com Organization: if (!FIFO) if (!LIFO) break; References: <1011984925.3c51aa1dd5d4d_webmail.vsi.ru@ns.sol.net> In-Reply-To: <1011984925.3c51aa1dd5d4d_webmail.vsi.ru@ns.sol.net> From: hawkeyd@visi.com (D J Hawkey Jr) Subject: Re: FreeBSD-SA-02:08.exec patch for 4.0-RELEASE systems X-Original-Newsgroups: sol.lists.freebsd.security To: oleg@oleg.vsi.ru, freebsd-security@freebsd.org Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In article <1011984925.3c51aa1dd5d4d_webmail.vsi.ru@ns.sol.net>, oleg@oleg.vsi.ru writes: > 4.0-RELEASE systems seems to be affected with problems in this advisory. > > My company use a number of 4.0-RELEASE systems that are not upgradable for some > reasons. So I wrote a patch for these systems (below). Can anybody tell me, are > these changes in code sufficient to avoid problems listed in advisory ? Looks quite similar to the backported patches I made for 4.1-REL, 4.1.1-REL, and 4.2-REL. I'm not an expert, but it (and they) should work as advertised. Neither of us hacked the CHECKIO() macro found in 4.3-REL:/sys/miscfs/procfs/procfs.h into the older code, but I think we're still OK. Actually, from what I could see, the patch to that macro is redundant, but pro'lly a good idea as the code moves forward; (p->p_flag & P_INEXEC) will be one less thing to have to remember. > Index: sys/kern/kern_exec.c > diff -u sys/kern/kern_exec.c.orig sys/kern/kern_exec.c > > [SNIP] Thanks, Dave -- Windows: "Where do you want to go today?" Linux: "Where do you want to go tomorrow?" FreeBSD: "Are you guys coming, or what?" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message