Re: FreeBSD local r00t zeroday
Jeremy Chadwick wrote: On Tue, Dec 01, 2009 at 06:04:05PM +0700, ~Lst wrote: Hello all, What d'you think about this ? http://seclists.org/fulldisclosure/2009/Nov/371 Are you actually asking for an opinions of a security hole, or are you just trying to bring it to our attention? An official statement was already issued to freebsd-security about 10 hours ago: http://lists.freebsd.org/pipermail/freebsd-security/2009-December/005369.html Where is detailed instruction? I can not find ... I can't apply the patch: # cd /usr/src/libexec/rtld-elf/ [r...@mymachin /usr/src/libexec/rtld-elf]# patch rtld.patch Hmm... Looks like a unified diff to me... The text leading up to this was: -- |Index: rtld.c |=== |--- rtld.c (revision 199977) |+++ rtld.c (working copy) -- Patching file rtld.c using Plan A... Hunk #1 failed at 366. 1 out of 1 hunks failed--saving rejects to rtld.c.rej done What is wrong? Thanks in advance. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: FreeBSD local r00t zeroday
Andrey S. Rybak wrote: Where is detailed instruction? I can not find ... I can't apply the patch: # cd /usr/src/libexec/rtld-elf/ [r...@mymachin /usr/src/libexec/rtld-elf]# patch rtld.patch Hmm... Looks like a unified diff to me... The text leading up to this was: -- |Index: rtld.c |=== |--- rtld.c (revision 199977) |+++ rtld.c (working copy) -- Patching file rtld.c using Plan A... Hunk #1 failed at 366. 1 out of 1 hunks failed--saving rejects to rtld.c.rej done What is wrong? The version of the patch you are trying to apply is for 8.0-RELEASE and you are probably using 7.2 Here is a version I crafted for 7.2 (use at your own risk, works for me): http://people.freebsd.org/~manolis/rtld72.patch ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: FreeBSD local r00t zeroday
On Tue, Dec 01, 2009 at 06:04:05PM +0700, ~Lst wrote: Hello all, What d'you think about this ? http://seclists.org/fulldisclosure/2009/Nov/371 Are you actually asking for an opinions of a security hole, or are you just trying to bring it to our attention? An official statement was already issued to freebsd-security about 10 hours ago: http://lists.freebsd.org/pipermail/freebsd-security/2009-December/005369.html The mentioned patch is for src/libexec/rtld-elf/rtld.c (since full paths aren't present in the patch file). Mentioned patch has already been committed to the HEAD (CURRENT), RELENG_7, and RELENG_8 branches approximately 8.75 hours ago, with the note Advisory coming soon: http://www.freebsd.org/cgi/cvsweb.cgi/src/libexec/rtld-elf/rtld.c -- | Jeremy Chadwick j...@parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB | ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: FreeBSD local r00t zeroday
What d'you think about this ? http://seclists.org/fulldisclosure/2009/Nov/371 Already being discussed and patched on the FreeBSD security list ... subscribe ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org