From: Stacey Son
To: Anton Shterenlikht
Cc: freebsd-current@FreeBSD.org, freebsd-questions@FreeBSD.org
Date: Fri, 11 Dec 2009 07:13:40 -0600
Subject: Re: Root exploit for FreeBSD
In-Reply-To: <20091210144141.GB834@mech-cluster241.men.bris.ac.uk>

On Dec 10, 2009, at 8:41 AM, Anton Shterenlikht wrote:

>> From my information security manager:
>
> FreeBSD isn't much used within the University (I understand) and has a
> (comparatively) poor security record. Most recently, for example:
>
> http://www.h-online.com/security/news/item/Root-exploit-for-FreeBSD-873352.html

From http://www.serverwatch.com/eur/article.php/3850401/FreeBSD-Shines-While-Apple-Fails.htm

> All software has bugs, but it's how people react when things go wrong
> that you can judge them. Did the FreeBSD folks sit around and do
> nothing? Did they busy themselves with other things and leave 8.0, 7.1
> and 7.0 users vulnerable to pwnage? No, they did not! A matter of hours
> later Colin Percival, FreeBSD's security officer, made this
> announcement:
>
> A short time ago a 'local root' exploit was posted to the
> full-disclosure mailing list; as the name suggests, this allows a local
> user to execute arbitrary code as root ... since exploit code is already
> widely available I want to make a patch available ASAP.
>
> And with that, he released said patch.
>

So what OS does your information security manager run on his {desk,lap}top?

-stacey.