Date:      Fri, 11 Dec 2009 07:13:40 -0600
From:      Stacey Son <sson@FreeBSD.org>
To:        Anton Shterenlikht <mexas@bristol.ac.uk>
Cc:        freebsd-current@FreeBSD.org, freebsd-questions@FreeBSD.org
Subject:   Re: Root exploit for FreeBSD
Message-ID:  <FADA0857-32E9-433C-AC50-F8AF00B1D269@FreeBSD.org>
In-Reply-To: <20091210144141.GB834@mech-cluster241.men.bris.ac.uk>
References:  <20091210144141.GB834@mech-cluster241.men.bris.ac.uk>


On Dec 10, 2009, at 8:41 AM, Anton Shterenlikht wrote:

>> From my information security manager:
>
> 	FreeBSD isn't much used within the University (I understand) and has a
> 	(comparatively) poor security record. Most recently, for example:
>
> 	http://www.h-online.com/security/news/item/Root-exploit-for-FreeBSD-873352.html



From http://www.serverwatch.com/eur/article.php/3850401/FreeBSD-Shines-While-Apple-Fails.htm

> All software has bugs, but it's how people react when things go wrong that you can judge them. Did the FreeBSD folks sit around and do nothing? Did they busy themselves with other things and leave 8.0, 7.1 and 7.0 users vulnerable to pwnage? No, they did not! A matter of hours later Colin Percival, FreeBSD's security officer, made this announcement:
>
> A short time ago a 'local root' exploit was posted to the full-disclosure mailing list; as the name suggests, this allows a local user to execute arbitrary code as root ... since exploit code is already widely available I want to make a patch available ASAP.
> And with that, he released said patch.
>

So what OS does your information security manager run on his {desk,lap}top?

-stacey.


