FreeBSD bug grants local root access (FreeBSD 6.x)
Chris Palmer
chris at noncombatant.org
Tue Sep 15 20:26:55 UTC 2009
utisoft at googlemail.com writes:
> It appears to only affect 6.x.... and requires local access. If an
> attacker has local access to a machine you're screwed anyway.
No, the thing you're screwed anyway by is local *physical* access. Merely
running a process as a non-root local user should *not* be a "you're screwed
anyway" scenario. The fundamental security guarantee of a modern operating
system is that different principals cannot affect each other's resources
(user chris cannot read or write user jane's email -- let alone root's
email). This bug breaks that guarantee, and is definitely not a ho-hum bug.
Remote exploits, which I agree are even worse, are in a sense a special case
of breaking the same guarantee: the pseudo-principal "anonymous maniac from
the Internet" can affect user root's (or whoever's) resources. Some
operating systems even have an explicit "anonymous" user, but the point is
the same either way.
--
http://www.noncombatant.org/
http://hemiolesque.blogspot.com/
More information about the freebsd-security
mailing list