iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability

Colin Percival cperciva at
Tue Oct 10 21:48:49 PDT 2006

Bill Moran wrote:
> Colin Percival <cperciva at> wrote:
>> This is a local denial of service bug, which was fixed 6 weeks ago in HEAD
> That was what I expected.  Section III seems to hint that it could be
> used by an unprivilidged user to crash or lock a system.

Yes.  An unprivileged user who is able to execute code on an affected system
can cause a kernel panic.  There are a variety of reasons for not treating
bugs like this as security issues; the strongest reason imho is that if one
of your users is making a system crash, you can disable his account and call
the police.

> BTW, are you going to be at NYCBSDCon?

No -- I only go to conferences if I have a paper to present.

Colin Percival

More information about the freebsd-security mailing list