Hacker News

FreeBSD: Local Privilege Escalation via Execve()

37 points by Deeg9rie9usi 2 hours ago | 21 comments

cyberpunk 42 minutes ago

This is from April 28th, it was patched in 15.0R-p7.

-p8 is the current patch level for 15.0-RELEASE so if people have been keeping on top of patching this is already two reboots in the past.

loeg 27 minutes ago

Just yesterday, cperciva was bragging about the FreeBSD approach to security: https://news.ycombinator.com/item?id=48056853 You can argue the response here was well coordinated, but having an LPE in a core syscall like execve() isn't ideal.

broken-kebab 12 minutes ago

Or in other words, the response is well-coordinated so cperciva's bragging is justified, isn't it?

bch 8 minutes ago

Its like rain on your wedding day - not actually ironic, just unfortunate.

rvz 2 hours ago

> IV. Workaround

> No workaround is available.

Oh dear.

itsthefrank 52 minutes ago

> V. Solution

> Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system.

Not everyone can just freebsd-update and reboot, so yes, "Oh dear." is a good response to this.

epcoa 47 minutes ago

Anyone relying on a 30+ year old monolith kernel written in C to not have some exploitable LPEs lurking should stay in basket weaving and out of sysadmin.

itsthefrank 40 minutes ago

Not sure why the snark but if people are running FreeBSD then they should be...basket weaving instead of using it? Yes, the correct solution is to patch and reboot but not everyone is in a place to jump and do that which is why a temp workaround, if possible, would be welcome

cyberpunk 39 minutes ago

Yep.

You should treat any system where non-admins regularly login as basically insecure/owned and rig your architecture appropriately.

TBH -- I don't have any of these kinds of boxes anymore. Who is really running anything like this in 2026 and for what purpose?

bch 45 seconds ago

>> monolith kernel written in C

> Who is really running anything like this in 2026 and for what purpose?

Am I parsing your question correctly?

jmspring 19 minutes ago

Stability of ecosystem. No systemd. Native ZFS. Jails over Docker. Been using it for 20+ years and it’s my preferred server OS.

cyberpunk 7 minutes ago

No, I mean do you run FreeBSD boxes where users who should not ever assume root access actually login to do tasks?

My point is that if you do, you probably shouldn't run, for e.g applications which need production db credential, or hold sensitive data on these boxes, or .. whatever.

Edit: I use FreeBSD extensively, for various things -- but shell access to them is restricted to the sysadmins..

icedchai 6 minutes ago

Same. I've been using it since 1996. Initially, we used it at an early ISP for DNS, SMTP, and POP3 for roughly 8K users, and it stuck with me.

skydhash 42 minutes ago

Why can't they? Upgrading and rebooting is kinda the standard response for most security issues. So I would expect something like Ansible's playbooks for this exact scenario. You might also have it setup as a staggered rollout.

doublerabbit 46 minutes ago

Linux is on their second and FreeBSD is on their first. How many is Windows on?

dwattttt 40 minutes ago

If you think Linux is on their first or second, I'm not sure how or what you're counting.

doublerabbit 24 minutes ago

> I'm not sure how or what you're counting.

The recent two. FailCopy and DirtyFrag and FreeBSD with Execve.

2 - Linux 1 - FreeBSD.

Of course, all OS have had past-time exploits. Three now have made the news.

dwattttt 2 minutes ago

Your question was "how many high profile privilege escalations Windows has had" recently then? I can't think of any, 0?

pjmlp 42 minutes ago

Plenty, Microsoft has security teams whose job is to attack Windows.

Naturally they don't do blog posts about what they find.

hnlmorg 34 minutes ago

You talk as if Windows is the only OS that has red teams attacking the system when clearly that isn’t even remotely true.