Date: Sun, 14 Jan 2007 17:43:11 +0100
From: Alexander Leidinger
To: Bill Moran
Cc: Kobajashi Zaghi, freebsd-security@freebsd.org
Subject: Re: MOAB advisories
Message-ID: <20070114174311.6247e81d@Magellan.Leidinger.net>

Quoting Bill Moran (Sun, 14 Jan 2007 11:06:36 -0500):

> Alexander Leidinger wrote:
> >
> > Quoting Bill Moran (Sun, 14 Jan 2007 10:15:15 -0500):
> >
> > > "Kobajashi Zaghi" wrote:
> > > >
> > > > I would like to know, that these following "vulnerabilities" does
> > > > affect FreeBSD's reliability? If the answer is "yes", what version of
> > > > FreeBSD affected, when will be fixed, etc.
> > > >
> > > > http://projects.info-pull.com/moab/MOAB-12-01-2007.html
> > > > http://projects.info-pull.com/moab/MOAB-10-01-2007.html
> > >
> > > These folks are establishing themselves as careless, alarmist, and
> > > uneducated when it comes to kernel bugs.
> > >
> > > In FreeBSD, the above mentioned flaws can, indeed, cause a kernel panic.
> > > However, this is intended behaviour when a corrupt filesystem is
> > > encountered. It protects the system from serious damage that could
> > > result from trying to work with the corrupt filesystem.
> > >
> > > The difference, that the info-pull folks seem to be too stupid to
> > > understand, is that FreeBSD does not allow mounting of filesystems
> > > by anyone other than root.
> >
> > Except root did set the sysctl to allow this, or started a HAL daemon
> > which mounts stuff for the desktop user, or uses amd to mount stuff.
>
> All decisions made by root.

Yes. I just wanted to point out that it only is a non-issue when root
didn't make specific configuration operations. Those configs are ok, as
long as you know about the consequences. We do not have warnings about
this in all places where we should have them.

Bye,
Alexander.

-- 
Ohh, my son doesn't stand a chance! The whole world has gone gay!
        -- Homer Simpson
           Homer's Phobia
http://www.Leidinger.net  Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org    netchild @ FreeBSD.org  : PGP ID = 72077137