So then I'm guessing this has been 3.5-STABLE is not vulnerable?
Just want to be sure :-)
What makes you say that? The necessary fix isn't present in RELENG_3,
and I doubt that there's something else which hides the issue.
I haven't double-checked, but it looks like this bug was enabled by
revision 1.54 of src/sys/kern/kern_fork.c (allowing shared signal
handlers with rfork). That would include 3.1-RELEASE and all
As was announced several months ago, we are no longer requiring
security fixes for locally exploitable vulnerabilities under RELENG_3,
only network-exploitable vulnerabilities.
Yes, I'm aware. I was just trying to help answer Jason's (and others)
question about what versions are vulnerable.
Thanks. It seems some people missed the initial announcement about
RELENG_3 which is why I've been repeating it a bit:-(