Bugtraq mailing list archives

Re: FreeBSD (and other BSDs?) local root explot

From: root () IHACK NET (Charles M. Hannum)
Date: Fri, 3 Sep 1999 12:06:15 -0400


As of yesterday, the OpenBSD version of fts.c was still susceptible to
at least two bugs that can cause a core dump when FTS_NOCHDIR is used
(e.g. by pax(1)).  Beware if you do backups with pax(1)!

These problems, and others, are fixed in the current NetBSD version.

revision 1.20
date: 1999/08/27 18:01:35;  author: mycroft;  state: Exp;  lines: +16 -10
Fix multiple problems in the FTS_NOCHDIR case:
* There was an off-by-one error that caused the addition of a NUL or
  slash in fts_build() to overwrite other memory.
* After fts_palloc(), we need to reset `cp' so that it points to the
  new path name buffer; otherwise the addition of the file name before
  calling fts_stat() could lose.

Current thread:

Re: FreeBSD (and other BSDs?) local root explot Ollivier Robert (Aug 30)
- <Possible follow-ups>
- Re: FreeBSD (and other BSDs?) local root explot Stas Kisel (Sep 01)
- Re: FreeBSD (and other BSDs?) local root explot Charles M. Hannum (Sep 03)