Date: Sat, 18 Sep 2004 00:49:44 -0500 From: Mike Meyer <mwm@mired.org> To: "Matt Emmerton" <matt@gsicomp.on.ca> Cc: freebsd-hackers@freebsd.org Subject: Re: FreeBSD Kernel buffer overflow Message-ID: <16715.52344.47229.746257@guru.mired.org> In-Reply-To: <006201c49d42$0c751aa0$1200a8c0@gsicomp.on.ca> References: <4146316C000077FD@ims3a.cp.tin.it> <20040916235936.GO23987@parcelfarce.linux.theplanet.co.uk> <20040918025217.GB54961@silverwraith.com> <20040918030531.GA23987@parcelfarce.linux.theplanet.co.uk> <001801c49d38$1c8cb790$1200a8c0@gsicomp.on.ca> <16715.50688.830652.474272@guru.mired.org> <006201c49d42$0c751aa0$1200a8c0@gsicomp.on.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
In <006201c49d42$0c751aa0$1200a8c0@gsicomp.on.ca>, Matt Emmerton <matt@gsicomp.on.ca> typed: > ----- Original Message ----- > From: "Mike Meyer" <mwm@mired.org> > To: "Matt Emmerton" <matt@gsicomp.on.ca> > Cc: <viro@parcelfarce.linux.theplanet.co.uk>; "Avleen Vig" > <lists-freebsd@silverwraith.com>; <freebsd-hackers@freebsd.org>; > <gerarra@tin.it> > Sent: Saturday, September 18, 2004 1:22 AM > Subject: Re: FreeBSD Kernel buffer overflow > > > > In <001801c49d38$1c8cb790$1200a8c0@gsicomp.on.ca>, Matt Emmerton > <matt@gsicomp.on.ca> typed: > > > I disagree. It really comes down to how secure you want FreeBSD to be, > and > > > the attitude of "we don't need to protect against this case because > anyone > > > who does this is asking for trouble anyway" is one of the main reason > why > > > security holes exist in products today. (Someone else had brought this > up > > > much earlier on in the thread.) > > > > You haven't been paying close enough attention to the discussion. To > > exploit this "security problem" you have to be root. If it's an > > external attacker, you're already owned. > > I'm well aware of that fact. That's still not a reason to protect against > the problem. > > If your leaky bucket has 10 holes in it, would you at least try and plug > some of them? In this case, you're trying to plug holes in a bucket that doesn't have a bottom. Not only that - once you fix the bottom, the holes will be fixed as well. If this qualifies as a security hole, then so does /bin/sh being executable by root. <mike -- Mike Meyer <mwm@mired.org> http://www.mired.org/consulting.html Independent Network/Unix/Perforce consultant, email for more information.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?16715.52344.47229.746257>