Date: Wed, 11 Oct 2006 08:39:29 -0400
From: Bill Moran
To: Colin Percival
Cc: freebsd security, questions@freebsd.org
Subject: Re: iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability

In response to Colin Percival:

> Bill Moran wrote:
> > Colin Percival wrote:
> >> This is a local denial of service bug, which was fixed 6 weeks ago in HEAD
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > That was what I expected. Section III seems to hint that it could be
> > used by an unprivileged user to crash or lock a system.
>
> Yes. An unprivileged user who is able to execute code on an affected system
> can cause a kernel panic. There are a variety of reasons for not treating
> bugs like this as security issues; the strongest reason imho is that if one
> of your users is making a system crash, you can disable his account and call
> the police.

Thanks for the clarification.

From my standpoint, this qualifies as a "privilege escalation" and warrants
action.

I see that it's already fixed in RELENG_6_1. Am I correct that there is no
intention to MFC this back to RELENG_6_0?

And, yes, I can't spell "unprivileged" to save my life, and the spell
checker was turned off on my other computer ...

--
Bill Moran
Collaborative Fusion Inc.