FreeBSD Kernel buffer overflow

gerarra at tin.it gerarra at tin.it
Sat Sep 18 03:10:32 PDT 2004


>> In <001801c49d38$1c8cb790$1200a8c0 at gsicomp.on.ca>, Matt Emmerton
>> <matt at gsicomp.on.ca> typed:
>> > I disagree.  It really comes down to how secure you want FreeBSD to be, and
>> > the attitude of "we don't need to protect against this case because anyone
>> > who does this is asking for trouble anyway" is one of the main reasons why
>> > security holes exist in products today.  (Someone else had brought this up
>> > much earlier on in the thread.)
>>
>> You haven't been paying close enough attention to the discussion. To
>> exploit this "security problem" you have to be root. If it's an
>> external attacker, you're already owned.
>
>I'm well aware of that fact.  That's still not a reason to protect against
>the problem.
>
>If your leaky bucket has 10 holes in it, would you at least try and plug
>some of them?
>

In my post I said that this is *NOT* exploitable, but if somebody finds a
method, what can you say? In underground communities it's not so rare; patching
is better than having new exploits for FreeBSD. I was very deluded by
this approach to a potential security problem...
(I repeat: *POTENTIAL*).

rookie




More information about the freebsd-hackers mailing list