Recent OpenBSD Security Advisories
OpenBSD announced two security advisories this week. The first stops users from tricking suid programs into re-opening files via /dev/fd. The second covers a buffer overflow found in the Perl interpreter's sprintf function, which may be exploitable under certain conditions.
These are SECURITY FIX 002 and 001 for OpenBSD 3.8 and SECURITY FIX 008 and 007 for OpenBSD 3.7.
The CVS log says: "do not allow setugid processes to use /dev/fd/#, unless they are a setuid-script and are attempting to dup the specific setuid-script fd via such a pathname". And the new comment in the code says: "Assume that the filename was user-specified; applications do not tend to open /dev/fd/# when they can just call dup()."
The patch for the suid file descriptor issue also includes a related fix for authpf: "make authpf give up group privs before exec'ing pfctl - makes it so the new taint enforcement for /dev/fd/X opens don't kill it".
The perl fix is for CVE-2005-3962.