opnsense-src/sys/compat
Mark Johnston 8b5dfac406 linux: Correct the issetugid check in copyout_auxargs
The runtime linker in glibc relies on the AT_SECURE auxv entry to know
whether the executable is set-ugid, if so then various dangerous
functionality such as LD_PRELOAD is disabled.

The check added in commit 669414e4fb failed to take into account the
fact that during execve, P_SUGID may not yet be set for a set-ugid
process.  Correct the test.

Approved by:	so
Security:	FreeBSD-SA-26:30.linux
Security:	CVE-2026-49413
Reported by:	Minseong Kim
Fixes:		669414e4fb ("Implement AT_SECURE properly.")
Reviewed by:	kib
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D57350
2026-06-10 08:45:22 +02:00
..
freebsd32 stat(2): add st_bsdflags field 2025-04-09 03:53:17 +03:00
ia32 sysentvec: add SV_SIGSYS flag 2023-10-09 06:24:31 +03:00
lindebugfs lindebugfs: use __func__ not __FUNCTION__ 2025-02-10 14:52:12 +00:00
linprocfs linprocfs: Correct sysfs /proc/<pid>/mountinfo entry 2025-03-31 10:42:48 -07:00
linsysfs linsysfs(5): Remove sys/cdefs.h inclusion where it's not needed due to 685dc743 2023-08-18 13:12:02 +03:00
linux linux: Correct the issetugid check in copyout_auxargs 2026-06-10 08:45:22 +02:00
linuxkpi linuxkpi: Fix an off-by-one error in the kfifo implementation 2026-04-30 07:39:21 +02:00
x86bios sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00