Date:      Wed, 11 Jul 2001 14:29:26 -0500
From:      "Jacques A. Vidrine" <n@nectar.com>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        Dima Dorfman <dima@unixfreak.org>, Jason DiCioccio <jdicioccio@epylon.com>, "'security@freebsd.org'" <security@freebsd.org>, kris@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-01:
Message-ID:  <20010711142925.B6272@shade.nectar.com>
In-Reply-To: <20010711114459.B86556@xor.obsecurity.org>; from kris@obsecurity.org on Wed, Jul 11, 2001 at 11:44:59AM -0700
References:  <657B20E93E93D4118F9700D0B73CE3EA02FFEFA1@goofy.epylon.lan> <20010711015958.0921D3E28@bazooka.unixfreak.org> <20010711104608.A600@shade.nectar.com> <20010711114459.B86556@xor.obsecurity.org>

On Wed, Jul 11, 2001 at 11:44:59AM -0700, Kris Kennaway wrote:
> On Wed, Jul 11, 2001 at 10:46:09AM -0500, Jacques A. Vidrine wrote:
> > On Tue, Jul 10, 2001 at 06:59:57PM -0700, Dima Dorfman wrote:
> > > Jason DiCioccio <jdicioccio@epylon.com> writes:
> > > > So then I'm guessing this has been 3.5-STABLE is not vulnerable? 
> > > > Just want to be sure :-)
> > > 
> > > What makes you say that?  The necessary fix isn't present in RELENG_3,
> > > and I doubt that there's something else which hides the issue.  
> > 
> > I haven't double-checked, but it looks like this bug was enabled by
> > revision 1.54 of src/sys/kern/kern_fork.c (allowing shared signal
> > handlers with rfork). That would include 3.1-RELEASE and all
> > following releases.
> 
> As was announced several months ago, we are no longer requiring
> security fixes for locally exploitable vulnerabilities under RELENG_3,
> only network-exploitable vulnerabilities.

Yes, I'm aware.  I was just trying to help answer Jason's (and others')
question about what versions are vulnerable.
-- 
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org
