process checkpoint restore facility now in DragonFly BSD
Kris Kennaway
kris at obsecurity.org
Tue Oct 21 09:30:39 PDT 2003
On Mon, Oct 20, 2003 at 01:52:07PM -0700, Kip Macy wrote:
> Please note that there are *SEVERE* security issues with this module.
> The module is not loaded into the kernel by default and, when loaded,
> can only be used by users in the wheel group.
Why the wheel group? Until now, the only special privilege this group
has is that users are allowed to su to root, if they knew the
password. It looks like now you've removed the root password barrier
and allow anyone in the wheel group to manipulate processes to obtain
root without a password :-)
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20031021/f2b21ca9/attachment.bin
More information about the freebsd-hackers
mailing list