iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability

Bill Moran wmoran at
Wed Oct 11 05:39:49 PDT 2006

In response to Colin Percival <cperciva at>:

> Bill Moran wrote:
> > Colin Percival <cperciva at> wrote:
> >> This is a local denial of service bug, which was fixed 6 weeks ago in HEAD
>              ^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > That was what I expected.  Section III seems to hint that it could be
> > used by an unprivileged user to crash or lock a system.
> Yes.  An unprivileged user who is able to execute code on an affected system
> can cause a kernel panic.  There are a variety of reasons for not treating
> bugs like this as security issues; the strongest reason imho is that if one
> of your users is making a system crash, you can disable his account and call
> the police.

Thanks for the clarification.

>From my standpoint, this qualifies as a "privilege escalation" and warrants
action.  I see that it's already fixed in RELENG_6_1.  Am I correct that
there is no intention to MFC this back to RELENG_6_0?

And, yes, I can't spell "unprivileged" to save my life, and the spell
checker was turned off on my other computer ...

Bill Moran
Collaborative Fusion Inc.

IMPORTANT: This message contains confidential information and is
intended only for the individual named. If the reader of this
message is not an intended recipient (or the individual
responsible for the delivery of this message to an intended
recipient), please be advised that any re-use, dissemination,
distribution or copying of this message is prohibited. Please
notify the sender immediately by e-mail if you have received
this e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or
error-free as information could be intercepted, corrupted, lost,
destroyed, arrive late or incomplete, or contain viruses. The
sender therefore does not accept liability for any errors or
omissions in the contents of this message, which arise as a
result of e-mail transmission.

More information about the freebsd-questions mailing list