FreeBSD 4.3 local root vulnerability

From Net-security.org: “There is local root compromise in FreeBSD 4.3 due to design flaw
which allows injecting signal handlers in other processes.

The problem is rfork(RFPROC|RFSIGSHARE) which shares the signal
handlers.

If the child does exec() on a setuid program and then the parent set
a signal handler, the signal handler is replicated in the child. The
address of the signal handler may be in the environment and after
sending

a signal to the child our signal handler gets executed. Examine the
code for more information.”

RELATED ARTICLESMORE FROM AUTHOR

Maintainer Confidential: Challenges and Opportunities One Year On

Bridging Design and Runtime Gaps: AsyncAPI in Event-Driven Architecture

Implementing OpenTelemetry Natively in an Event Broker

Innovation as a Catalyst in Telecommunications

Linux 6.8 Brings More Sound Hardware Support For Intel & AMD, Including The Steam Deck

RELATED ARTICLES MORE FROM AUTHOR