[Midnightbsd-cvs] [MidnightBSD/src] dfa677: linux: set AT_SECURE from exec credential state

Lucas Holt noreply at github.com
Wed Jun 10 20:16:06 EDT 2026


  Branch: refs/heads/master
  Home:   https://github.com/MidnightBSD/src
  Commit: dfa6773df2b32675254a2ca241a64403a9cf413c
      https://github.com/MidnightBSD/src/commit/dfa6773df2b32675254a2ca241a64403a9cf413c
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2026-06-10 (Wed, 10 Jun 2026)

  Changed paths:
    M sys/compat/linux/linux_elf.c

  Log Message:
  -----------
  linux: set AT_SECURE from exec credential state

Use image_params.credential_setid when constructing the Linux ELF auxiliary vector.  P_SUGID is not set until later in execve(2), so it cannot reliably indicate whether a Linux setuid or setgid binary needs secure runtime linker mode.

CVE-2026-49413

Obtained from: FreeBSD-SA-26:30.linux

AI-Assisted-by: OpenAI Codex (GPT-5)
Signed-off-by: Lucas Holt <luke at foolishgames.com>


  Commit: 0f95ff72d5f517ce24b9455c7a707402630ba2b1
      https://github.com/MidnightBSD/src/commit/0f95ff72d5f517ce24b9455c7a707402630ba2b1
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2026-06-10 (Wed, 10 Jun 2026)

  Changed paths:
    M UPDATING

  Log Message:
  -----------
  UPDATING: note Linuxulator AT_SECURE fix

CVE-2026-49413

AI-Assisted-by: OpenAI Codex (GPT-5)
Signed-off-by: Lucas Holt <luke at foolishgames.com>


Compare: https://github.com/MidnightBSD/src/compare/253ed9e87acd...0f95ff72d5f5

To unsubscribe from these emails, change your notification settings at https://github.com/MidnightBSD/src/settings/notifications


More information about the Midnightbsd-cvs mailing list