Date: Fri, 11 Dec 2009 07:13:40 -0600
From: Stacey Son <sson@FreeBSD.org>
To: Anton Shterenlikht <mexas@bristol.ac.uk>
Cc: freebsd-current@FreeBSD.org, freebsd-questions@FreeBSD.org
Subject: Re: Root exploit for FreeBSD
Message-ID: <FADA0857-32E9-433C-AC50-F8AF00B1D269@FreeBSD.org>
In-Reply-To: <20091210144141.GB834@mech-cluster241.men.bris.ac.uk>
References: <20091210144141.GB834@mech-cluster241.men.bris.ac.uk>

On Dec 10, 2009, at 8:41 AM, Anton Shterenlikht wrote:

>> From my information security manager:
>
> FreeBSD isn't much used within the University (I understand) and has a
> (comparatively) poor security record. Most recently, for example:
>
> http://www.h-online.com/security/news/item/Root-exploit-for-FreeBSD-873352.html

From http://www.serverwatch.com/eur/article.php/3850401/FreeBSD-Shines-While-Apple-Fails.htm

> All software has bugs, but it's how people react when things go wrong that you can judge them. Did the FreeBSD folks sit around and do nothing? Did they busy themselves with other things and leave 8.0, 7.1 and 7.0 users vulnerable to pwnage? No, they did not! A matter of hours later Colin Percival, FreeBSD's security officer, made this announcement:
>
> A short time ago a 'local root' exploit was posted to the full-disclosure mailing list; as the name suggests, this allows a local user to execute arbitrary code as root ... since exploit code is already widely available I want to make a patch available ASAP.
> And with that, he released said patch.
>

So what OS does your information security manager run on his {desk,lap}top?

-stacey.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?FADA0857-32E9-433C-AC50-F8AF00B1D269>