freebsd-security Digest, Vol 187, Issue 4
Michael Richards
michael at fastmail.ca
Mon Nov 27 08:18:01 PST 2006
> [It's just a panic]
> I was so transfixed on Josh stating that the attacker could as well
> just mount a filesystem with suid root binaries and how that would be
> more useful than a buffer overflow in the filesystem driver. I totally
> missed the fact that we were talking about two bugs where the kernel
> deliberately called panic() ;).
>
> So in this case I'd agree that the panic() is undesirable, but not
> really a security issue.
In the past we have considered remote DOS type attacks to be a security
issue. In this case people discount it saying if the user has physical
access then it's game over anyway. Althought not as serious as privilege
escalation bugs I would have to say that mounting a user's USB drive
shouldn't allow the system to crash. How about something to force a fsck
before allowing the mount? Would that always catch it?
-Michael
_________________________________________________________________
http://fastmail.ca/ - Fast Secure Web Email for Canadians
More information about the freebsd-security
mailing list