UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679

Scott Long scottl at samsco.org
Fri Nov 24 17:40:55 PST 2006


Kevin Oberman wrote:
>> Date: Fri, 24 Nov 2006 15:58:39 -0700
>> From: Scott Long <scottl at samsco.org>
>> Sender: owner-freebsd-stable at freebsd.org
>>
>> David Malone wrote:
>>
>>>> These two bugs are shown for FreeBSD only and I guess, Solaris and other
>>>> BSDs still use UFS. Are they more robust against this exploit or type
>>>> of exploit?
>>>
>>> I don't know of a concerted effort by anyone to improve UFS in this
>>> way. I would guess that the odd bug would have been resolved, but
>>> no large scale work.
>>>
>>> 	David.
>> Another thing to keep in mind is that filesystem mounting is only 
>> available to the super-user.  If a feature came along such as 
>> automatically mounting USB drives, these bugs would indeed be critical.
>> But for now, they are not.
> 
> Not on the base system, but Gnome 2.16 with hald running will mount a
> removable device automatically. The standard configuration of Gnome runs
> hald. Allowing user mounts of removable media is even formalized by the
> addition of /media to hier(7). I'm not sure this should simply be
> treated as not being significant.

Would it be possible to restrict Gnome to only auto-mounting msdos and 
cd9660 filesystems?

Scott


