FreeBSD Kernel buffer overflow

Mike Meyer mwm at mired.org
Fri Sep 17 22:58:05 PDT 2004


In <006201c49d42$0c751aa0$1200a8c0 at gsicomp.on.ca>, Matt Emmerton <matt at gsicomp.on.ca> typed:
> ----- Original Message ----- 
> From: "Mike Meyer" <mwm at mired.org>
> To: "Matt Emmerton" <matt at gsicomp.on.ca>
> Cc: <viro at parcelfarce.linux.theplanet.co.uk>; "Avleen Vig"
> <lists-freebsd at silverwraith.com>; <freebsd-hackers at freebsd.org>;
> <gerarra at tin.it>
> Sent: Saturday, September 18, 2004 1:22 AM
> Subject: Re: FreeBSD Kernel buffer overflow
> 
> 
> > In <001801c49d38$1c8cb790$1200a8c0 at gsicomp.on.ca>, Matt Emmerton <matt at gsicomp.on.ca> typed:
> > > I disagree.  It really comes down to how secure you want FreeBSD to be, and
> > > the attitude of "we don't need to protect against this case because anyone
> > > who does this is asking for trouble anyway" is one of the main reasons why
> > > security holes exist in products today.  (Someone else had brought this up
> > > much earlier on in the thread.)
> >
> > You haven't been paying close enough attention to the discussion. To
> > exploit this "security problem" you have to be root. If it's an
> > external attacker, you're already owned.
> 
> I'm well aware of that fact.  That's still not a reason to protect against
> the problem.
> 
> If your leaky bucket has 10 holes in it, would you at least try and plug
> some of them?

In this case, you're trying to plug holes in a bucket that doesn't
have a bottom. Not only that - once you fix the bottom, the holes will
be fixed as well.

If this qualifies as a security hole, then so does /bin/sh being
executable by root.

	<mike
-- 
Mike Meyer <mwm at mired.org>		http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.

