From owner-freebsd-security@FreeBSD.ORG Fri Sep 30 10:23:06 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E670A106568E for ; Fri, 30 Sep 2011 10:23:06 +0000 (UTC) (envelope-from bounces+73574-f30d-freebsd-security=freebsd.org@sendgrid.info) Received: from o3.sendgrid.info (o3.sendgrid.info [67.228.50.51]) by mx1.freebsd.org (Postfix) with SMTP id AF2D88FC0A for ; Fri, 30 Sep 2011 10:23:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sendgrid.info; h= message-id:date:from:reply-to:mime-version:to:subject :content-type:content-transfer-encoding; s=smtpapi; bh=z0gUR7Tu9 4rQFZBeJSM06HEL04Q=; b=RJcmyaWuprHEPdr4sea8/mn1ZZvIrtLxRBRLZm3uj 85CpEwqlLa0R0jJfD3mD/KJmpL2Q0J8k0v+YkmMOZ2sbJRIAIvO1hMXchw05210Y bzBqj/OHSXSeMRle+ZelJxfH/NwZkwkBtc93nlw76xMxZ6lzBXdp3IMfqnsZHIxe rg= Received: by 10.8.49.96 with SMTP id mf44.8474.4E8577805 Fri, 30 Sep 2011 03:02:08 -0500 (CDT) Received: from mail.tarsnap.com (unknown [10.9.180.5]) by mi11 (SG) with ESMTP id 4e857780.53cf.282d522 for ; Fri, 30 Sep 2011 03:02:08 -0500 (CST) Received: (qmail 76787 invoked from network); 30 Sep 2011 08:00:32 -0000 Received: from unknown (HELO clamshell.daemonology.net) (127.0.0.1) by mail.tarsnap.com with ESMTP; 30 Sep 2011 08:00:32 -0000 Received: (qmail 31026 invoked from network); 30 Sep 2011 08:00:25 -0000 Received: from unknown (HELO clamshell.daemonology.net) (127.0.0.1) by clamshell.daemonology.net with SMTP; 30 Sep 2011 08:00:25 -0000 Message-ID: <4E857719.7060306@freebsd.org> Date: Fri, 30 Sep 2011 01:00:25 -0700 From: FreeBSD Security Officer Organization: FreeBSD Project User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:6.0.2) Gecko/20110914 Thunderbird/6.0.2 MIME-Version: 1.0 To: freebsd-security@freebsd.org, freebsd-emulation@freebsd.org X-Enigmail-Version: undefined Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Sendgrid-EID: 5qVSvszVOIE6PbdhSmXigMotnDv2KVF2pFB0fKg9JzpPJtIk/1JjUQ0yoXl0YfxWJX4rzqIGoO8QigH3UAxtdv/ZO3LDH/L7/PFLn+5sE60ExxmZzJV1S+kPDekeCxHQ7JKSNGWm4Lnp+R6KIjc2/Mtc2Yetf1W7xF1aY9bVIPw= Cc: Subject: HEADS UP: breakage with linux emulation + SA-11:05.unix X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: security-officer@freebsd.org List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Sep 2011 10:23:07 -0000 Hi all, It appears that the security fix in SA-11:05.unix exposed a bug in the linux emulation code: Linux has a different size of sockaddr_un than FreeBSD, and the linux emulation code was passing socket addresses through without doing any translation first. This appears to break all X-using Linux code -- both applications and plugins such as the widely-used flash plugin -- and probably other Linux applications too. I am working on a fix for this and will send an updated advisory out as soon as it's ready. -- Colin Percival Security Officer, FreeBSD | freebsd.org | The power to serve Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid