[talk] PingForShell

jpb jpb at jimby.name
Mon Dec 5 20:13:58 EST 2022

On Mon, 5 Dec 2022 09:25:01 -0500
Raul Cuza <raulcuza at gmail.com> wrote:

> I made up that name for CVE-2022-23093 and release it under CopyHumor
> license.
> But seriously am I bonkers to think Hacker news is yellow journalism
> when it says ping can be used to take over a FreeBSD box (
> https://thehackernews.com/2022/12/critical-ping-vulnerability-allows.html)?
> The FreeBSD announcement
> https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
> clearly says it runs in a sandbox and has limited execution options.
> Someone who knows more please enlighten.
> Thank you. R


Ping was written in 1983.  Ping code was added to FreeBSD as part of
the BSD 4.4 Lite sources import in 1994.

Is this one of those bugs that "has existed for years and nobody
noticed it"?  We're talking over 25 years of people digging around in
the ping source code and nobody noticed?
I find that hard to believe.

The "sandbox" comment is a reference to restructuring the code to work
under Robert Watson's Capsicum libraries.  Apparently ping was
placed under capsicum capability handling in 2014 (by PJD).   IIRC a
number of utilities were modified for capsicum usage around that time.

Any OpenBSD ppl want to comment on whether it's fixed in their tree?

Jim B.
