[11508] in bugtraq
Re: profil(2) bug, a simple test program
daemon@ATHENA.MIT.EDU (Eivind Eklund)
Wed Aug 25 15:00:37 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <19990811153706.A12282@bitbox.follo.net>
Date:         Wed, 11 Aug 1999 15:37:06 +0200
Reply-To: Eivind Eklund <eivind@FREEBSD.ORG>
From: Eivind Eklund <eivind@FREEBSD.ORG>
X-To:         Ross Harvey <ross@GHS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <199908101928.MAA27587@elbe.ghs.com>; from Ross Harvey on Tue,
              Aug 10, 1999 at 12:28:20PM -0700
On Tue, Aug 10, 1999 at 12:28:20PM -0700, Ross Harvey wrote:
> I would have preinformed Sun had I not been under the impression that they
> had fixed it, although it shouldn't matter much given the high degree of
> difficulty in constructing an exploit.
>
> I wasn't as worried about the other BSDs, because the simple NetBSD patch
> that was included should work OK at any BSD site. OpenBSD has applied the
> NetBSD patch to their current sources, but note that all releases of all
> BSD kernels prior to NetBSD 1.4.1 (which is in process and expected later
> this week) appear to have this bug.
The code in FreeBSD is somewhat different (it is actually amazingly
close, given that the code was written twice, by two different
parties); patch (not tested) below.
Index: kern_exec.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/kern_exec.c,v
retrieving revision 1.99
diff -u -r1.99 kern_exec.c
--- kern_exec.c	1999/04/27 11:15:55	1.99
+++ kern_exec.c	1999/08/11 13:29:28
@@ -229,6 +229,9 @@
 		p->p_fd = tmp;
 	}
+	/* stop profiling */
+	stopprofclock(p);
+
 	/* close files on exec */
 	fdcloseexec(p);
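Review bot: the patch is explicitly marked "not tested" and the hunk adds no include, so two checks are needed before this goes in: run it against the test program from the parent post to confirm the profil(2) buffer is no longer written after exec, and confirm `stopprofclock` is already declared in scope in kern_exec.c (in FreeBSD its prototype lives in sys/resourcevar.h; if that header is not included here the build will fail). The placement itself looks right: the call lands after the descriptor table has been unshared (`p->p_fd = tmp;`) and immediately before `fdcloseexec(p);`, i.e. at a point where the exec is already being committed, so profiling of the old image is stopped only for an exec that succeeds and an exec that fails earlier leaves the old image's profiling state untouched. The `/* stop profiling */` comment and the blank line after the call match the surrounding style, so nothing to change there.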
Eivind.