From owner-announce-jp@jp.FreeBSD.org Wed Sep 18 06:26:31 2002
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id g8HLQVQ17539;
	Wed, 18 Sep 2002 06:26:31 +0900 (JST)
	(envelope-from owner-announce-jp@jp.FreeBSD.org)
Message-Id: <20020918.040638.03590463.hrs@eos.ocn.ne.jp>
To: announce-jp@jp.FreeBSD.org
From: Hiroki Sato <hrs@eos.ocn.ne.jp>
In-Reply-To: <200209161615.g8GGFk0g073000@freefall.freebsd.org>
References: <200209161615.g8GGFk0g073000@freefall.freebsd.org>
X-Mailer: Mew version 2.2 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
X-ML-maintainer: owner-announce-jp@jp.FreeBSD.org
Precedence: list
Date: Wed, 18 Sep 2002 04:06:38 +0900
X-Sequence: announce-jp 1051
Subject: Re: ANNOUNCE: FreeBSD Security Advisory FreeBSD-SA-02:39.libkvm
Errors-To: owner-announce-jp@jp.FreeBSD.org
Sender: owner-announce-jp@jp.FreeBSD.org
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+020902


FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG(B
=============================================================================
FreeBSD-SA-02:39.libkvm (2002-09-16)
 * Applications using libkvm may leak sensitive descriptors
=============================================================================

 This mail is a Japanese translation of the following message, which was
 posted to announce-jp:

  Subject: ANNOUNCE: FreeBSD Security Advisory FreeBSD-SA-02:39.libkvm
  From: FreeBSD Security Advisories <security-advisories@FreeBSD.org>
  Date: Mon, 16 Sep 2002 09:15:46 -0700
  Message-Id: <200209161615.g8GGFk0g073000@freefall.freebsd.org>
  X-Sequence: announce-jp 1050

 The original is PGP-signed, but this Japanese translation is not.
 To check the PGP signature in order to confirm that the patches and other
 content have not been tampered with, refer to the original.

 For details on the Japanese translation and on using mirror sites, see
 "A. About the Japanese edition of FreeBSD Security Advisories" at the end
 of this message.


                          [Translator: Hiroki Sato <hrs@jp.FreeBSD.org>]
--(begin)

=============================================================================
FreeBSD-SA-02:39.libkvm                                     Security Advisory
                                                          The FreeBSD Project

$B%H%T%C%/(B:       libkvm $B$r;H$C$F$$$k%"%W%j%1!<%7%g%s$K$*$$$F!"(B
                $B%;%-%e%j%F%#>e=EMW$J5-=R;R$,O31L$9$k2DG=@-$,$"$kLdBj(B
                (Applications using libkvm may leak sensitive descriptors)

$BJ,N`(B:           core
$B%b%8%e!<%k(B:     libkvm
$B9pCNF|(B:         2002-09-16
$B%/%l%8%C%H(B:     David Endler <DEndler@iDefense.com>,
                <badc0ded@badc0ded.com>
$B1F6AHO0O(B:       4.6.2-RELEASE $B$*$h$S!"$=$l0JA0$N$9$Y$F$N%j%j!<%9!#(B
                4.4-RELEASE-p27$B!"(B4.5-RELEASE-p20$B!"(B4.6.2-RELEASE-p2
                $B$h$jA0$N%;%-%e%j%F%#%V%i%s%A%j%j!<%9!#(B
$B=$@5F|(B:         2002-09-13 14:53:43 UTC (RELENG_4)
                2002-09-13 15:04:22 UTC (RELENG_4_6)
                2002-09-13 15:07:26 UTC (RELENG_4_5)
                2002-09-13 15:09:07 UTC (RELENG_4_4)
FreeBSD $B$K8GM-$+(B:       NO


I.   $BGX7J(B - Background

kvm(3) $B%i%$%V%i%j$O!"2TF/Cf$N%7%9%F%`$N%+!<%M%k2>A[%a%b%j%$%a!<%8$d!"(B
$B%/%i%C%7%e%@%s%W$K4^$^$l$k%+!<%M%k2>A[%a%b%j%$%a!<%8$r%"%/%;%9$9$k$?$a$N(B
$BE}0l$5$l$?%$%s%?!<%U%'%$%9$rDs6!$9$k%i%$%V%i%j$G$9!#2TF/Cf$N%7%9%F%`$N>l9g$O!"(B
/dev/mem $B$*$h$S(B /dev/kmem $B$r7PM3$7$F%a%b%j%$%a!<%8$K%"%/%;%9$7$^$9!#(B
$B$3$N%a%b%j$OFI$_=q$-2DG=$G$"$j!"%+!<%M%k%7%s%\%k$N%"%I%l%9$r(B
$B8zN(E*$KD4$Y$?$j!"%f!<%6%W%m%;%9$K4X$9$k>pJs$r=8$a$?$j$9$k$N$K(B
$BMxMQ$9$k$3$H$,2DG=$G$9!#(B

kvm_openfiles(3) $B4X?t$O(B /dev/mem $B$*$h$S(B /dev/kmem $B$H$$$&FC<l$J(B
$B%G%P%$%9%U%!%$%k$r%*!<%W%s$7!"B>$N(B kvm(3) $B4XO"$N%i%$%V%i%j4X?t72$+$i(B
$B;2>H$G$-$k$h$&$K!"%U%!%$%k5-=R;R$r(B ($BLuCm(B: kvm(3) $B%i%$%V%i%j4X?t72$N(B
$BFbIt$+$i$7$+Cf?H$,$o$+$i$J$$$h$&$K(B) $B>\:Y$,1#JC$5$l$?!V%O%s%I%k!W$N7A$G(B
$BJV$7$^$9!#(B


II.  $BLdBj$N>\:Y(B - Problem Description

$B%9%o%C%W$d2>A[%a%b%j!"(BCPU $B$NMxMQ>u67$J$I$N%7%9%F%`>pJs$rI=<($9$k(B
$B%"%W%j%1!<%7%g%s$O!">pJs$rF@$k$?$a$K(B kvm(3) $B%i%$%V%i%j$rMxMQ$7$F(B
$BD>@\%+!<%M%k%a%b%j$r;2>H$9$k$b$N$,$"$j$^$9!#(B
$B$=$N$h$&$J%"%W%j%1!<%7%g%s$O(B kvm_openfiles(3) $B$r8F$S=P$7$F(B
/dev/mem $B$*$h$S(B /dev/kmem $B$K%"%/%;%9$G$-$k$h$&$K!"DL>o$O(B
kmem $B%0%k!<%W$K(B set-group-ID $B$7$F<B9T$5$l$F$$$kI,MW$,$"$j$^$9!#(B

$B$=$N$h$&$J%"%W%j%1!<%7%g%s$,<B9TCf$K(B exec(2) $B$r;H$C$FB>$N(B
$B%"%W%j%1!<%7%g%s$r8F$S=P$9$H!"?7$7$/5/F0$7$?%"%W%j%1!<%7%g%s$K$O(B
/dev/mem $B$*$h$S(B /dev/kmem $B$KBP1~$9$k%U%!%$%k5-=R;R$,%*!<%W%s$5$l$?$^$^(B
$B0z$-7Q$,$l$^$9!#DL>o$O%U%!%$%k5-=R;R$r(B ($BLuCm(B: fcntl(2) $B$r;H$C$F(B)
close-on-exec $B$K;XDj$9$k$3$H$G$3$&$$$C$?>u67$r2sHr$9$k$N$G$9$,!"(B
kvm_openfiles(3) $B$NJV$9%O%s%I%k$O(B ($BLuCm(B: $B%U%!%$%k5-=R;R$=$N$b$N$r(B
$BCj=P$9$kJ}K!$,5,Dj$5$l$F$$$J$$(B)  $BFH<+7A<0$G$"$j!"%"%W%j%1!<%7%g%s(B
$BB&$+$i$O(B kvm(3) $B%i%$%V%i%j$,%*!<%W%s$7$?%U%!%$%k5-=R;R$,!"6qBNE*$K(B
$B$I$l$J$N$+$rD>@\D4$Y$k<jCJ$,$"$j$^$;$s!#$=$N$?$a%"%W%j%1!<%7%g%s:n@.<T$O!"(B
$B$3$l$i$N%U%!%$%k5-=R;R$N=hM}$rBU$C$F$7$^$&2DG=@-$,$"$j$^$9!#(B
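
An application-side mitigation for the situation described above, shown as an added example (it is not part of the advisory and is not the libkvm patch): because the handle does not reveal its descriptors, the program marks every open descriptor above stderr close-on-exec before it calls exec. The function names, the 65536 scan bound and the use of /dev/null as a stand-in descriptor are assumptions of this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Set FD_CLOEXEC on every open descriptor in [lowfd, highfd).
 * Returns how many descriptors were changed, or -1 on error. */
int mark_cloexec_range(int lowfd, int highfd)
{
    int changed = 0;
    for (int fd = lowfd; fd < highfd; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags == -1)
            continue;                 /* slot is not an open descriptor */
        if (flags & FD_CLOEXEC)
            continue;                 /* already closed on exec */
        if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1)
            return -1;
        changed++;
    }
    return changed;
}

/* Hypothetical wrapper: sweep all descriptors above stderr, then exec. */
int exec_without_inherited_fds(const char *path, char *const argv[])
{
    long maxfd = sysconf(_SC_OPEN_MAX);
    /* Assumed scan bound; descriptors above it would not be covered. */
    if (maxfd < 0 || maxfd > 65536)
        maxfd = 65536;
    if (mark_cloexec_range(STDERR_FILENO + 1, (int)maxfd) == -1)
        return -1;
    execv(path, argv);
    return -1;                        /* reached only if execv failed */
}

int main(void)
{
    /* Constructed stand-in for a descriptor opened inside a library. */
    int hidden = open("/dev/null", O_RDONLY);
    if (hidden == -1)
        return 1;
    int n = mark_cloexec_range(hidden, hidden + 1);
    printf("fd %d: %d descriptor(s) newly marked close-on-exec\n", hidden, n);
    close(hidden);
    return 0;
}
```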


III. $B1F6AHO0O(B - Impact

kmem $B%0%k!<%W$K(B set-group-ID $B$5$l$?(B kvm(3) $B$r;H$&%"%W%j%1!<%7%g%s$N$&$A!"(B
$BB>$N%"%W%j%1!<%7%g%s$r5/F0$9$k$b$N$K$*$$$F!"(B/dev/mem $B$*$h$S(B
/dev/kmem $B%U%!%$%k$N5-=R;R$,O31L$9$k2DG=@-$,$"$j$^$9!#(B
$B$3$N%"%W%j%1!<%7%g%s$+$i5/F0$5$l$k%"%W%j%1!<%7%g%s$r%m!<%+%k%f!<%6$,(B
$B;XDj$G$-$k>l9g!"$=$l$i$O%+!<%M%k%a%b%j$rFI$_=P$9$?$a$KMxMQ$9$k$3$H$,(B
$B$G$-$k$+$bCN$l$^$;$s!#%+!<%M%k%a%b%j$rFI$_=P$9$3$H$,$G$-$l$P!"(B
$B7k2L$H$7$F%U%!%$%k%P%C%U%!!"%M%C%H%o!<%/%P%C%U%!!"C<Kv%P%C%U%!!"(B
$BG'>Z%H!<%/%s$H$$$C$?%;%-%e%j%F%#>e=EMW$J>pJs$,O31L$9$k$3$H$K$J$j$^$9!#(B

FreeBSD Ports Collection $B$K4^$^$l$k(B asmon$B!"(Bascpu$B!"(Bbubblemon$B!"(Bwmmon$B!"(B
wmnet2 $B$O!"$3$N<eE@$N1F6A$r<u$1$k$3$H$,3NG'$5$l$F$$$^$9!#$^$?!"(B
$B$=$NB>$N%"%W%j%1!<%7%g%s$K$b!"1F6A$r<u$1$k$b$N$,$"$k2DG=@-$,$"$j$^$9!#(B


IV.  $B2sHrJ}K!(B - Workaround

$B1F6A$r<u$1$k%"%W%j%1!<%7%g%s$N(B set-group-ID $B%S%C%H$r:o=|$7$F$/$@$5$$!#(B
$B$?$@$7$3$NA`:n$K$h$j!"%"%W%j%1!<%7%g%s$N0lIt$N5!G=$O;HMQ$G$-$J$/$J$j$^$9!#(B


V.   $B2r7h:v(B - Solution

$B<!$N$$$:$l$+0l$D$K=>$C$F$/$@$5$$!#(B

1) $B<eE@$r;}$C$?(B FreeBSD $B%7%9%F%`$r:G?7$N(B 4.6-STABLE $B$K%"%C%W%0%l!<%I$9$k!#(B
   $B$"$k$$$O!"=$@5F|0J9_$N(B RELENG_4_6 (4.6.2-RELEASE-p2)$B!"(B
   RELENG_4_5 (4.5-RELEASE-p20)$B!"(BRELENG_4_4 (4.4-RELEASE-p27)
   $B%;%-%e%j%F%#%V%i%s%A$N$$$:$l$+$K%"%C%W%0%l!<%I$9$k!#(B

2) $B8=:_$N%7%9%F%`$K=$@5%Q%C%A$rE,MQ$9$k!#(B

$B0J2<$N=$@5%Q%C%A$O!"(BFreeBSD 4.4$B!"(BFreeBSD 4.5$B!"(BFreeBSD 4.6$B!"(B
FreeBSD 4.6.2 $B$N3F%7%9%F%`$KE,MQ2DG=$J$3$H$,3NG'$5$l$F$$$k$b$N$G$9!#(B

a) $B0J2<$N>l=j$+$i=$@5%Q%C%A$r%@%&%s%m!<%I$7!"(BPGP $B%f!<%F%#%j%F%#$r;H$C$F(B
   PGP $B=pL>$r3NG'$7$^$9!#(B

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:39/libkvm.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:39/libkvm.patch.asc

b) root $B8"8B$G<!$N%3%^%s%I$r<B9T$7$^$9!#(B

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/libkvm
# make depend && make && make install

 ($BLuCm(B: /path/to/patch $B$NItJ,$O=$@5%Q%C%A$N%Q%9L>$KCV$-49$($F$/$@$5$$(B)


VI.  $B=$@5$N>\:Y(B - Correction details

FreeBSD $B$K$*$$$F:#2s=$@5$5$l$?3F%U%!%$%k$N%j%S%8%g%sHV9f$O!"0J2<$N$H$*$j$G$9!#(B

$B%Q%9L>(B                                                          $B%j%S%8%g%s(B
  $B%V%i%s%A(B
- -------------------------------------------------------------------------
src/lib/libkvm/kvm.c
  RELENG_4                                                       1.12.2.3
  RELENG_4_6                                                 1.12.2.2.8.1
  RELENG_4_5                                                 1.12.2.2.6.1
  RELENG_4_4                                                 1.12.2.2.4.1
src/sys/conf/newvers.sh
  RELENG_4_6                                               1.44.2.23.2.19
  RELENG_4_5                                               1.44.2.20.2.21
  RELENG_4_4                                               1.44.2.17.2.26
-------------------------------------------------------------------------


A.   FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F(B

$BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,(B
$B;29M$N$?$a$KDs6!$9$k$b$N$G$9!#2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

 http://www.FreeBSD.org/ja/security/

$B$K$^$H$a$i$l$F$$$^$9!#(B

$B$?$@$7K]Lu<T$*$h$S(B doc-jp $B$O!"$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b(B
$B$$$?$7$^$;$s$N$G$4Cm0U$/$@$5$$!#F|K\8lLu$K$D$$$F$N$40U8+!"$4MWK>!"(B
$B$*Ld$$9g$o$;Ey$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9!#(B

$B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9!#(B
$B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a!"$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
$B9MN8$9$k$h$&$*4j$$$7$^$9!#(B

$BF|K\$N%_%i!<%5%$%H$rMxMQ$9$k$K$O!"(B
http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K!"(B
ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K!"(B
$B$=$l$>$lCV$-49$($F$/$@$5$$!#(B

$BB>$NCO0h$r4^$`%_%i!<%5%$%H$K4X$9$k>\:Y$O(B

 http://www.FreeBSD.org/handbook/mirror.html ($B1QJ8(B)
 http://www.FreeBSD.org/ja/handbook/mirror.html ($BF|K\8lLu(B)

$B$K$^$H$a$i$l$F$$$^$9!#(B
