Fleximus Blog


Kingcope discovered and posted on Full-disclosure that the Run-Time Link-Editor (rtld) in recent FreeBSD versions has a dangerous bug. An attacker can trick rtld to accept a manipulated LD_PRELOAD environment variable even when executing setugid binaries like "ping" or "su".

The FreeBSD Security Officer Colin Percival reacted quckly with a preliminary patch which might not be the final one. The patch is for use of own risk because it might not fix the issue or might introduce new ones.

The official FreeBSD security advisory is here: FreeBSD-SA-09:16.rtld