Date:      Mon, 10 Dec 2001 13:08:03 -0600
From:      Alfred Perlstein <bright@mu.org>
To:        Mike Tancsa <mike@sentex.net>
Cc:        security@freebsd.org, alc@freebsd.org
Subject:   Re: AIO vulnerability (from bugtraq)
Message-ID:  <20011210130803.B92148@elvis.mu.org>
In-Reply-To: <5.1.0.14.0.20011210131730.04998cf0@marble.sentex.ca>; from mike@sentex.net on Mon, Dec 10, 2001 at 01:18:29PM -0500
References:  <5.1.0.14.0.20011210131730.04998cf0@marble.sentex.ca>

* Mike Tancsa <mike@sentex.net> [011210 12:25] wrote:
> 
> For those not on bugtraq,

Yah, this needs to be fixed, do note that AIO is not enabled by
default in FreeBSD and the warning is pretty clear.

Alan, can you take a look at this?  I'd really like to get AIO
enabled by default one of these days. :)

> 
> 	---Mike
> 
> ------------------------------------------------------------------------------
> Soniq Security Advisory
> David Rufino <dr@soniq.net> Dec 9, 2001
> 
> Race Condition in FreeBSD AIO implementation
> http://elysium.soniq.net/dr/tao/tao.html
> ------------------------------------------------------------------------------
> 
> RISK FACTOR: LOW
> 
> SYNOPSIS
> 
> AIO is a POSIX standard for asynchronous I/O. Under certain conditions,
> scheduled AIO operations persist after an execve, allowing arbitrary
> overwrites in the memory of the new process. Combined with the permission
> to execute suid binaries, this can yield elevated privileges.
> Currently VFS_AIO is not enabled in the default FreeBSD kernel config,
> however comments in ``LINT'' suggest security issues have been known about
> privately for some time:
> 
> # Use real implementations of the aio_* system calls.  There are numerous
> # stability issues in the current aio code that make it unsuitable for
> # inclusion on shell boxes.
