Date: Fri, 17 Mar 2017 04:38:59 +0000 From: bugzilla-noreply@freebsd.org To: gnome@FreeBSD.org Subject: [Bug 217844] devel/gvfs Message-ID: <bug-217844-6497-9ttHXUfpkU@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-217844-6497@https.bugs.freebsd.org/bugzilla/> References: <bug-217844-6497@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D217844 --- Comment #3 from q5sys <jt@ixsystems.com> --- I didn't send a BR in to HAL because at this point I dont know what can eve= n be done. To my knowledge exploit code has not been released, so we'd have to = try to figure out what the exploit is and then fix it. The only thing I could come up with at the time was 'remove HAL', but I felt like that request should come from someone more senior than I. Also there's the issue that if that is done, anything depending on HAL like gvfs would h= ave to be modified not to use HAL... which is exactly what this BR is about. I dont want to speak for anyone, but I'm pretty sure that no one really wan= ts to dig around in HAL to try to discover the problem and patch it consider i= t's no longer being maintained on the Linux side. The last patch on the linux s= ide was 2011 per https://cgit.freedesktop.org/hal/log/ As for if this exploit is viable on FreeBSD, PC-BSD was explicitly stated as being vulerable, and since PC-BSD was FreeBSD with pre-configured desktops.= =20 TrueOS has diverged from FreeBSD stable since it's based on 12.Current, but= the older PC-BSD versions were in lock step with the FreeBSD stable branches. = So I'd assume, perhaps incorrectly, that if (for example) PC-BSD 10.x with HAL= was vulnerable, that FreeBSD 10.x would be as well... assuming HAL running on t= hat system. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-217844-6497-9ttHXUfpkU>