Date:      Wed, 11 Jul 2001 12:32:35 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        "Jacques A. Vidrine" <n@nectar.com>
Cc:        Kris Kennaway <kris@obsecurity.org>, Dima Dorfman <dima@unixfreak.org>, Jason DiCioccio <jdicioccio@epylon.com>, "'security@freebsd.org'" <security@freebsd.org>, kris@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-01:
Message-ID:  <20010711123234.A87779@xor.obsecurity.org>
In-Reply-To: <20010711142925.B6272@shade.nectar.com>; from n@nectar.com on Wed, Jul 11, 2001 at 02:29:26PM -0500
References:  <657B20E93E93D4118F9700D0B73CE3EA02FFEFA1@goofy.epylon.lan> <20010711015958.0921D3E28@bazooka.unixfreak.org> <20010711104608.A600@shade.nectar.com> <20010711114459.B86556@xor.obsecurity.org> <20010711142925.B6272@shade.nectar.com>

On Wed, Jul 11, 2001 at 02:29:26PM -0500, Jacques A. Vidrine wrote:
> On Wed, Jul 11, 2001 at 11:44:59AM -0700, Kris Kennaway wrote:
> > On Wed, Jul 11, 2001 at 10:46:09AM -0500, Jacques A. Vidrine wrote:
> > > On Tue, Jul 10, 2001 at 06:59:57PM -0700, Dima Dorfman wrote:
> > > > Jason DiCioccio <jdicioccio@epylon.com> writes:
> > > > > So then I'm guessing this has been 3.5-STABLE is not vulnerable?
> > > > > Just want to be sure :-)
> > > >
> > > > What makes you say that?  The necessary fix isn't present in RELENG_3,
> > > > and I doubt that there's something else which hides the issue.
> > >
> > > I haven't  double-checked, but it looks  like this bug was  enabled by
> > > revision  1.54  of  src/sys/kern/kern_fork.c (allowing  shared  signal
> > > handlers  with  rfork).   That   would  include  3.1-RELEASE  and  all
> > > following releases.
> >
> > As was announced several months ago, we are no longer requiring
> > security fixes for locally exploitable vulnerabilities under RELENG_3,
> > only network-exploitable vulnerabilities.
>
> Yes, I'm aware.  I was just trying to help answer Jason's (and others')
> question about what versions are vulnerable.

Thanks.  It seems some people missed the initial announcement about
RELENG_3 which is why I've been repeating it a bit :-(

Kris
