Date: Sat, 18 Sep 2004 01:39:01 -0400
From: "Matt Emmerton" <matt@gsicomp.on.ca>
To: "Mike Meyer" <mwm@mired.org>
Cc: freebsd-hackers@freebsd.org
Subject: Re: FreeBSD Kernel buffer overflow
Message-ID: <006201c49d42$0c751aa0$1200a8c0@gsicomp.on.ca>
References: <4146316C000077FD@ims3a.cp.tin.it> <20040916235936.GO23987@parcelfarce.linux.theplanet.co.uk> <20040918025217.GB54961@silverwraith.com> <20040918030531.GA23987@parcelfarce.linux.theplanet.co.uk> <001801c49d38$1c8cb790$1200a8c0@gsicomp.on.ca> <16715.50688.830652.474272@guru.mired.org>

----- Original Message -----
From: "Mike Meyer" <mwm@mired.org>
To: "Matt Emmerton" <matt@gsicomp.on.ca>
Cc: <viro@parcelfarce.linux.theplanet.co.uk>; "Avleen Vig" <lists-freebsd@silverwraith.com>; <freebsd-hackers@freebsd.org>; <gerarra@tin.it>
Sent: Saturday, September 18, 2004 1:22 AM
Subject: Re: FreeBSD Kernel buffer overflow

> In <001801c49d38$1c8cb790$1200a8c0@gsicomp.on.ca>, Matt Emmerton <matt@gsicomp.on.ca> typed:
> > I disagree. It really comes down to how secure you want FreeBSD to be, and
> > the attitude of "we don't need to protect against this case because anyone
> > who does this is asking for trouble anyway" is one of the main reasons why
> > security holes exist in products today. (Someone else had brought this up
> > much earlier on in the thread.)
>
> You haven't been paying close enough attention to the discussion. To
> exploit this "security problem" you have to be root. If it's an
> external attacker, you're already owned.

I'm well aware of that fact. That's still not a reason to protect against
the problem. If your leaky bucket has 10 holes in it, would you at least
try and plug some of them?

--
Matt Emmerton