upvote

points

by rvz15 hours ago |
comments
upvoteby itsthefrank15 hours ago|
next
[-]
> V. Solution

> Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system.

Not everyone can just freebsd-update and reboot, so yes, "Oh dear." is a good response to this.

reply
upvoteby epcoa15 hours ago|
parent|
next
[-]
Anyone relying on a 30+ year old monolith kernel written in C to not have some exploitable LPEs lurking should stay in basket weaving and out of sysadmin.
reply
upvoteby cyberpunk15 hours ago|
parent|
next
[-]
Yep.

You should treat any system where non-admins regularly login as basically insecure/owned and rig your architecture appropriately.

TBH -- I don't have any of these kinds of boxes anymore. Who is really running anything like this in 2026 and for what purpose?

reply
upvoteby mrln14 hours ago|
parent|
next
[-]
Not necessarily FreeBSD, but for Linux this applies to most universities with a CS program, I think.

The systems should be cut off from sensitive administrative data, but a malicious student would at the very least have access to the other students' data with an LPE.

reply
upvoteby bch14 hours ago|
parent|
prev|
next
[-]
>> monolith kernel written in C

> Who is really running anything like this in 2026 and for what purpose?

Am I parsing your question correctly?

reply
upvoteby cyberpunk14 hours ago|
parent|
[-]
No, I worded it badly. See below.
reply
upvoteby jmspring14 hours ago|
parent|
prev|
[-]
Stability of ecosystem. No systemd. Native ZFS. Jails over Docker. Been using it for 20+ years and it’s my preferred server OS.
reply
upvoteby cyberpunk14 hours ago|
parent|
next
[-]
No, I mean do you run FreeBSD boxes where users who should not ever assume root access actually login to do tasks?

My point is that if you do, you probably shouldn't run, for e.g applications which need production db credential, or hold sensitive data on these boxes, or .. whatever.

Edit: I use FreeBSD extensively, for various things -- but shell access to them is restricted to the sysadmins..

reply
upvoteby CoolCold7 hours ago|
parent|
[-]
Hard to tell about FreeBSD, it's basically extincted, but think of webhosting servers, wordpress, cPanel/Plesk and alike.

often it's ssh'able with things like rbash and other restrictions and almost always you, well, can run something there (as you can edit php/other files right from web management ui).

Hordes of this (in Linux world).

reply
upvoteby icedchai14 hours ago|
parent|
prev|
next
[-]
Same. I've been using it since 1996. Initially, we used it at an early ISP for DNS, SMTP, and POP3 for roughly 8K users, and it stuck with me.
reply
upvoteby tick_tock_tick8 hours ago|
parent|
prev|
[-]
Free root for anyone for over 20 years too.
reply
upvoteby itsthefrank15 hours ago|
parent|
prev|
next
[-]
Not sure why the snark but if people are running FreeBSD then they should be...basket weaving instead of using it? Yes, the correct solution is to patch and reboot but not everyone is in a place to jump and do that which is why a temp workaround, if possible, would be welcome
reply
upvoteby wswin14 hours ago|
parent|
[-]
I think good system should be prepared to do a reboot in a short notice. Even some long running jobs can have a pause mechanism.
reply
upvoteby yjftsjthsd-h14 hours ago|
parent|
prev|
[-]
...as opposed to what, exactly? Linux is a 34 y.o. monolithic kernel in C, the BSDs are all forked from the same base (386BSD) of around the same age, XNU is 29 years old (and also heavily based on BSD code while also throwing in mach code) in C and other languages,...
reply
upvoteby raddan9 hours ago|
parent|
[-]
The 33 year old Windows NT kernel, duh.
reply
upvoteby skydhash15 hours ago|
parent|
prev|
next
[-]
Why can't they? Upgrading and rebooting is kinda the standard response for most security issues. So I would expect something like Ansible's playbooks for this exact scenario. You might also have it setup as a staggered rollout.
reply
upvoteby paulddraper14 hours ago|
parent|
prev|
[-]
What prevents it?
reply
upvoteby tptacek14 hours ago|
prev|
next
[-]
Does this vulnerability not rely on SUID binaries?
reply
upvoteby cperciva13 hours ago|
parent|
next
[-]
I don't think so? It's a buffer overflow in the system call.
reply
upvoteby tptacek13 hours ago|
parent|
[-]
I just read that it was spilling into argv or something and assumed the vector was somehow injecting arguments or something.
reply
upvoteby cperciva12 hours ago|
parent|
[-]
The exploit is injecting environment variables, but yes, close enough. You need someone to call execve as root in order to become root, but you don't need a setuid binary.
reply
upvoteby cryptbe6 hours ago|
parent|
prev|
[-]
[dead]
reply
upvoteby jeffrallen3 hours ago|
prev|
next
[-]
IV. Workaround

Accept that everything is broken and terrible and yet somehow find a way to keep a sense of humor and smile about it.

reply
upvoteby wolvoleo14 hours ago|
prev|
next
[-]
Why? Just update.
reply
upvoteby ActorNightly4 hours ago|
prev|
[-]
I really am starting to think that the level of technical understanding on HN is so low that when readers see an exploit like this, they imagine basically the cult classic movie "Hackers" in their heads where some guy hacks into any machine of their choosing.
reply