From owner-freebsd-security Tue Jan 25 10:11:28 2000
Date: Tue, 25 Jan 2000 10:11:19 -0800 (PST)
From: Matthew Dillon
Message-Id: <200001251811.KAA05253@apollo.backplane.com>
To: Michael Oswell
Cc: Warner Losh , Tim Yardley , freebsd-security@FreeBSD.ORG
Subject: Re: Fwd: *BSD procfs vulnerability

:
:I've manually taken the information from the 3.x patch and used it to
:patch a 2.2.7 box we had here. It appears to work, though all I have done
:to test this is run the exploit script that was sent to bugtraq.
:
:I have also run the patch against a 2.2.8 box successfully (and recompiled
:the kernel), though have yet to reboot to the box to be sure it works.
:
:The actual code in the patch below is identical to the one that was
:released for 3.2 (just manually inserted instead of using patch). Like I
:said, it appears to work here, though I make no guarantees to anyone that
:this is the best or correct way to patch the 2.2.x kernels for this bug.

Best.com has verified that the patch works as well, and it's exactly
the same as the one you included so I have committed it to RELENG_2_2.

-Matt