July 11, 2001

FreeBSD 4.3 local root vulnerability

Author: JT Smith

From Net-security.org: "There is local root compromise in FreeBSD 4.3 due to design flaw
which allows injecting signal handlers in other processes.

The problem is rfork(RFPROC|RFSIGSHARE) which shares the signal

If the child does exec() on a setuid program and then the parent set
a signal handler, the signal handler is replicated in the child. The
address of the signal handler may be in the environment and after

a signal to the child our signal handler gets executed. Examine the
code for more information."


  • Linux
Click Here!