- User Since
- May 31 2021, 8:33 AM (55 w, 4 d)
May 17 2022
Looks good, thanks!
May 16 2022
May 6 2022
Thank you for the backport :) !
May 5 2022
@markj could it be possible to backport this fix to the FreeBSD 13.1 while there is still time?
My FreeBSD 13.1 VM (virtualbox) freezes randomly during boot and this commit fixes it.
Mar 28 2022
Comments from sjg
Mar 21 2022
Feb 28 2022
Feb 21 2022
Feb 17 2022
Thank you for your input, I believe we will think it over.
Feb 16 2022
Feb 15 2022
Feb 14 2022
Jan 18 2022
May 31 2021
$1 does not change :) But it represents a filename and it may not be resolved to the same inode when passed to _rc_verify and to dot :/ I know it's probably hard to exploit, but it remains a race condition nonetheless.
Besides I believe there is race condition here. The file $1 can be tampered with after the call to _rc_verify and before the source call (.)
AFAIK mac_veriexec does not block the opening of files with O_VERIFY if inactive. (i.e. the new sh verify option blocks nothing if mac_veriexec is inactive / not loaded).
Could you elaborate more on the portability issue?