Root exploit for FreeBSD

Stacey Son sson at FreeBSD.org
Fri Dec 11 14:16:18 UTC 2009


On Dec 10, 2009, at 8:41 AM, Anton Shterenlikht wrote:

>> From my information security manager:
> 
> 	FreeBSD isn't much used within the University (I understand) and has a
> 	(comparatively) poor security record. Most recently, for example:
> 
> 	http://www.h-online.com/security/news/item/Root-exploit-for-FreeBSD-873352.html



From http://www.serverwatch.com/eur/article.php/3850401/FreeBSD-Shines-While-Apple-Fails.htm

> All software has bugs, but it's how people react when things go wrong that you can judge them. Did the FreeBSD folks sit around and do nothing? Did they busy themselves with other things and leave 8.0, 7.1 and 7.0 users vulnerable to pwnage? No, they did not! A matter of hours later Colin Percival, FreeBSD's security officer, made this announcement:
> 
> A short time ago a 'local root' exploit was posted to the full-disclosure mailing list; as the name suggests, this allows a local user to execute arbitrary code as root ... since exploit code is already widely available I want to make a patch available ASAP.
> And with that, he released said patch.
> 

So what OS does your information security manager run on his {desk,lap}top?

-stacey.


More information about the freebsd-questions mailing list