Source-Changes-HG archive
[src/netbsd-1-4]: src note some security fixes
details: https://anonhg.NetBSD.org/src/rev/7f76e75a430b
branches: netbsd-1-4
changeset: 471306:7f76e75a430b
user: perry <perry%NetBSD.org@localhost>
date: Thu Jul 19 13:54:05 2001 +0000
description:
note some security fixes
diffstat:
CHANGES-1.4.4 | 20 +++++++++++++++++++-
1 files changed, 19 insertions(+), 1 deletions(-)
diffs (31 lines):
diff -r 07e605c36d95 -r 7f76e75a430b CHANGES-1.4.4
--- a/CHANGES-1.4.4 Thu Jul 19 13:52:19 2001 +0000
+++ b/CHANGES-1.4.4 Thu Jul 19 13:54:05 2001 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-1.4.4,v 1.1.2.14 2001/05/30 09:46:46 he Exp $
+# $NetBSD: CHANGES-1.4.4,v 1.1.2.15 2001/07/19 13:54:05 perry Exp $
A complete list of changes from NetBSD 1.4.3 to NetBSD 1.4.4:
@@ -329,3 +329,21 @@
Introduce net.inet.ip.maxfragpackets, which controls the maximum
number of IPv4 fragment reassembly queue entries. Defends against
certain DoS attacks. Fixes SA#2001-006.
+
+sys/kern/exec_script.c patch
+sys/kern/kern_exec.c patch
+
+ In check_exec(), don't bother checking P_TRACED along with
+ MNT_NOSUID, just check MNT_NOSUID to clear the S{U,G}ID bits
+ in the attributes for the vnode we're about to exec.
+
+ We now check P_TRACED right before we would actually perform
+ the s{u,g}id function in the exec code.
+
+ This closes a race condition between exec of a setuid binary
+ and ptrace(2).
+
+sys/kern/uipc_syscalls.c patch
+
+ fix overflow in sendmsg()
+
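Review bot: the last entry in this hunk, "fix overflow in sendmsg()" for sys/kern/uipc_syscalls.c, does not say what overflows or what the impact is. Neither it nor the check_exec()/ptrace(2) entry cites an advisory, while the preceding maxfragpackets entry ends with "Fixes SA#2001-006". Suggest adding a sentence describing the overflow, plus an advisory reference on both entries if one exists, so readers of CHANGES-1.4.4 can map each fix to its advisory. The entry also starts in lower case, unlike the others, and the final added line is an empty "+" that leaves a trailing blank line at the end of the file; consider dropping it.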