132 lines
4.8 KiB
Text
132 lines
4.8 KiB
Text
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA512
|
|
|
|
=============================================================================
|
|
FreeBSD-EN-18:15.loader Errata Notice
|
|
The FreeBSD Project
|
|
|
|
Topic: Deferred kernel loading breaks loader password
|
|
|
|
Category: core
|
|
Module: loader
|
|
Announced: 2018-11-27
|
|
Credits: Devin Teske
|
|
Affects: All supported versions of FreeBSD.
|
|
Corrected: 2018-10-24 23:17:17 UTC (stable/11, 11.2-STABLE)
|
|
2018-11-27 19:45:25 UTC (releng/11.2, 11.2-RELEASE-p5)
|
|
|
|
For general information regarding FreeBSD Errata Notices and Security
|
|
Advisories, including descriptions of the fields above, security
|
|
branches, and the following sections, please visit
|
|
<URL:https://security.FreeBSD.org/>.
|
|
|
|
I. Background
|
|
|
|
The loader is a FreeBSD component which is part of the boot sequence for a
|
|
machine. The loader is most commonly visible with the "beastie" boot menu,
|
|
allowing specification of different boot time parameters.
|
|
|
|
II. Problem Description
|
|
|
|
A change in the loader to allow deferred loading of the kernel introduced a
|
|
bug when using a loader password. After this change and when the loader
|
|
password is enabled, the menu is not loaded and instead the machine goes into
|
|
the autoboot routine. The autoboot routine then fails when the kernel has
|
|
not yet been loaded, yielding a loader prompt where the user has full control
|
|
of the boot process.
|
|
|
|
III. Impact
|
|
|
|
Setting the loader password with the intention of preventing the user from
|
|
bypassing the boot process instead causes the boot to fail and gives the user
|
|
full control of the boot process.
|
|
|
|
IV. Workaround
|
|
|
|
No workaround is available, but systems that do not use a loader password are
|
|
not vulnerable.
|
|
|
|
V. Solution
|
|
|
|
Perform one of the following:
|
|
|
|
1) Upgrade your system to a supported FreeBSD stable or release / security
|
|
branch (releng) dated after the correction date.
|
|
|
|
Afterward, reboot the system.
|
|
|
|
2) To update your system via a binary patch:
|
|
|
|
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
|
platforms can be updated via the freebsd-update(8) utility:
|
|
|
|
# freebsd-update fetch
|
|
# freebsd-update install
|
|
|
|
Afterward, reboot the system.
|
|
|
|
3) To update your system via a source code patch:
|
|
|
|
The following patches have been verified to apply to the applicable
|
|
FreeBSD release branches.
|
|
|
|
a) Download the relevant patch from the location below, and verify the
|
|
detached PGP signature using your PGP utility.
|
|
|
|
[FreeBSD 11.2]
|
|
# fetch https://security.FreeBSD.org/patches/EN-18:15/loader.patch
|
|
# fetch https://security.FreeBSD.org/patches/EN-18:15/loader.patch.asc
|
|
# gpg --verify loader.patch.asc
|
|
|
|
b) Apply the patch. Execute the following commands as root:
|
|
|
|
# cd /usr/src
|
|
# patch < /path/to/patch
|
|
|
|
c) Recompile the operating system using buildworld and installworld as
|
|
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html> and reboot
|
|
the system.
|
|
|
|
VI. Correction details
|
|
|
|
The following list contains the correction revision numbers for each
|
|
affected branch.
|
|
|
|
Branch/path Revision
|
|
- -------------------------------------------------------------------------
|
|
stable/11/ r339697
|
|
releng/11.2/ r341093
|
|
- -------------------------------------------------------------------------
|
|
|
|
To see which files were modified by a particular revision, run the
|
|
following command, replacing NNNNNN with the revision number, on a
|
|
machine with Subversion installed:
|
|
|
|
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
|
|
|
Or visit the following URL, replacing NNNNNN with the revision number:
|
|
|
|
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
|
|
|
VII. References
|
|
|
|
The latest revision of this advisory is available at
|
|
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-18:15.loader.asc>
|
|
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlv9n+tfFIAAAAAALgAo
|
|
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
|
|
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
|
|
5cJRKQ//cJzGNBcKnH3cAltXRM2eWqv6L2UAPYfOs5QEArIB5x4IR+wqc53AbyG4
|
|
AlpWAUf1KCwOFV+ceflihmYiWPPUqSV6nn+0My+uEFQebu8j00D5Mer/x9g6SikB
|
|
x65zXS//rHidaf5KWOKMajEW+jtC9JS42ffdyk+KgEYM4UCNY60iKhJ74rtwRjun
|
|
RwYKBXdtOcbS9Tp/SIIB3tQm1orhK5xe4w+kG4nM9Cz5OYk4j/GmcudWICjzjNzG
|
|
QxGENiDePEjLoCZTHn2Rgntwp0AjNY5FxdR8CgN5GtYHIepJIscE7BlYA6kZDoG9
|
|
e+01e3d7oAz92Dx8h59AkOGZPNI2lL4ZnBAcrpsZa+YkV67kxMHOIGp6faRYdWsf
|
|
+Ew8fh7AbVVhBO4yKWyoHkbREof07Iq3hXX7pi/Imb+nsYYPC6x0vax+qv823P4/
|
|
jnqIryC3MWezOIkTD6B752yED3prP3TDFi+/Lo2ke2K4rPkVRsMfRojcKaKVnWLl
|
|
HpgyffSiVv/dwv005Mdx0kCBnKtZthO9D0GHZSkRIXw2r5C5QQ8F7/EABfWFq1iN
|
|
sM+J682zjJhbFgFzJGceAQGrgVlN91AIl3Ipp2ggi33qQTEOreItRJdN7WBgSI3s
|
|
fTqA6OqgbknpWmCvusu/gi+SMjbO3Hk2hR6noB4bDVNPhPPCIZE=
|
|
=om/y
|
|
-----END PGP SIGNATURE-----
|