From owner-freebsd-security@FreeBSD.ORG Wed Sep 16 15:37:45 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EEB82106566C for ; Wed, 16 Sep 2009 15:37:45 +0000 (UTC) (envelope-from utisoft@googlemail.com) Received: from mail-fx0-f210.google.com (mail-fx0-f210.google.com [209.85.220.210]) by mx1.freebsd.org (Postfix) with ESMTP id 7E8968FC08 for ; Wed, 16 Sep 2009 15:37:45 +0000 (UTC) Received: by fxm6 with SMTP id 6so3428590fxm.43 for ; Wed, 16 Sep 2009 08:37:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:received:reply-to:in-reply-to :references:from:date:message-id:subject:to:cc:content-type :content-transfer-encoding; bh=HXIywA7gLm7/RbticyyNhodC5e+1eOntOGh4qcyS+Cw=; b=JQohsqg1R4AFVWiI81qFapfviQIwE2wQH907JhjiG30848UD5pnjcSv12aasJLk0O2 LpILc603WYkXJjAn1xQ4WT8O5/tOJc+Fj1Id8Wvy/8qJN8LuqhCnbJeIzqJz20JpUy3s LGm0FfSxrRcXKiRCTzO2htrEKQso/l6qMsvGI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:reply-to:in-reply-to:references:from:date:message-id :subject:to:cc:content-type:content-transfer-encoding; b=pwcS7Tx51rpXBRGT3DBnZRbgmvAQRdl6MeE/W6L8K/L5sUCo1eDApyDcfonFzJvt3h dnaLtBVM3X5jChYtiVEHPV/1wgI8YlTycgC48z+Re13os34EPJgNmK+/OB3zzj1/HdHS +RwRZZQd33O+Jnyhu//jSHtMA94vZiOCidb4M= MIME-Version: 1.0 Received: by 10.204.156.213 with SMTP id y21mr7515394bkw.109.1253115464202; Wed, 16 Sep 2009 08:37:44 -0700 (PDT) In-Reply-To: <4AB02BE0.1030305@delphij.net> References: <4AAF45B4.60307@isafeelin.org> <0016e6d99efa540b8b047399738b@google.com> <20090915202703.GF24361@noncombatant.org> <4AB02BE0.1030305@delphij.net> From: Chris Rees Date: Wed, 16 Sep 2009 16:37:24 +0100 Message-ID: To: d@delphij.net Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: Chris Palmer , freebsd-security@freebsd.org Subject: Re: FreeBSD bug grants local root access (FreeBSD 6.x) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: utisoft@gmail.com List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Sep 2009 15:37:46 -0000 2009/9/16 Xin LI : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Chris Palmer wrote: >> utisoft@googlemail.com writes: >> >>> It appears to only affect 6.x.... and requires local access. If an >>> attacker has local access to a machine you're screwed anyway. >> >> No, the thing you're screwed anyway by is local *physical* access. Merel= y >> running a process as a non-root local user should *not* be a "you're scr= ewed >> anyway" scenario. The fundamental security guarantee of a modern operati= ng >> system is that different principals cannot affect each other's resources >> (user chris cannot read or write user jane's email -- let alone root's >> email). This bug breaks that guarantee, and is definitely not a ho-hum b= ug. > > Exactly. =A0This type of vulnerability could turn into a serious threat i= f > being used with some other vulnerabilities that allows code injection, > which is worse. > > Cheers, > - -- > Xin LI =A0 =A0http://www.delphij.net/ Ahem, I must read posts correctly first. Beg pardon, I'll type that 100 times this evening. Chris --=20 A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in a mailing list?