UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679

Scott Long scottl at samsco.org
Sat Nov 25 08:07:38 PST 2006


O. Hartmann wrote:
> Scott Long wrote:
>> Kevin Oberman wrote:
>>>> Date: Fri, 24 Nov 2006 15:58:39 -0700
>>>> From: Scott Long <scottl at samsco.org>
>>>> Sender: owner-freebsd-stable at freebsd.org
>>>>
>>>> David Malone wrote:
>>>>
>>>>>> These two bugs are shown for FreeBSD only and I guess, Solaris and
>>>>>> other BSDs still use UFS. Are they more robust against this
>>>>>> exploit or type of exploit?
>>>>> I don't know of a concerted effort by anyone to improve UFS in this
>>>>> way. I would guess that the odd bug would have been resolved, but
>>>>> no large scale work.
>>>>>
>>>>>     David.
>>>> Another thing to keep in mind is that filesystem mounting is only
>>>> available to the super-user.  If a feature came along such as
>>>> automatically mounting USB drives, these bugs would indeed be critical.
>>>> But for now, they are not.
>>> Not on the base system, but Gnome 2.16 with hald running will mount a
>>> removable device automatically. The standard configuration of Gnome runs
>>> hald. Allowing user mounts of removable media is even formalized by the
>>> addition of /media to hier(7). I'm not sure this should simply be
>>> treated as not being significant.
>> Would it be possible to restrict Gnome to only auto-mounting msdos and
>> cd9660 filesystems?
>>
>> Scott
>>
> Sorry if my question sounds heretical, but wouldn't it be more
> sophisticated to solve the problem instead of disabling everything that
> could trigger the bug?

Yup.  Who do you have in mind to do it?

Scott

