Date: Mon, 10 Dec 2001 20:09:33 -0500 (EST) From: "Andrew R. Reiter" <arr@FreeBSD.org> To: Alfred Perlstein <bright@mu.org> Cc: Mike Tancsa <mike@sentex.net>, security@FreeBSD.org, alc@FreeBSD.org, security-officer@FreeBSD.org Subject: Re: AIO vulnerability (from bugtraq) Message-ID: <Pine.NEB.3.96L.1011210200844.12420E-100000@fledge.watson.org> In-Reply-To: <20011210130803.B92148@elvis.mu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Since kkenn is gone for a period of time, should anyone on security-officer respond publically? Or has this already been done and I'm behind email.. On Mon, 10 Dec 2001, Alfred Perlstein wrote: :* Mike Tancsa <mike@sentex.net> [011210 12:25] wrote: :> :> For those not on bugtraq, : :Yah, this needs to be fixed, do note that AIO is not enabled by :default in FreeBSD and the warning is pretty clear. : :Alan, can you take a look at this? I'd really like to get AIO :enabled by default one of these days. :) : :> :> ---Mike :> :> ------------------------------------------------------------------------------ :> Soniq Security Advisory :> David Rufino <dr@soniq.net> Dec 9, 2001 :> :> Race Condition in FreeBSD AIO implementation :> http://elysium.soniq.net/dr/tao/tao.html :> ------------------------------------------------------------------------------ :> :> RISK FACTOR: LOW :> :> SYNOPSIS :> :> AIO is a POSIX standard for asynchronous I/O. Under certain conditions, :> scheduled AIO operations persist after an execve, allowing arbitrary :> overwrites in the memory of the new process. Combined with the permission :> to execute suid binaries, this can yield elevated priviledges. :> Currently VFS_AIO is not enabled in the default FreeBSD kernel config, :> however comments in ``LINT'' suggest security issues have been known about :> privately for some time: :> :> # Use real implementations of the aio_* system calls. There are numerous :> # stability issues in the current aio code that make it unsuitable for :> # inclusion on shell boxes. : :To Unsubscribe: send mail to majordomo@FreeBSD.org :with "unsubscribe freebsd-security" in the body of the message : -- Andrew R. Reiter arr@watson.org arr@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1011210200844.12420E-100000>