Date:      Tue, 10 Oct 2006 21:47:33 -0700
From:      Colin Percival <cperciva@freebsd.org>
To:        Bill Moran <wmoran@collaborativefusion.com>
Cc:        freebsd security <freebsd-security@freebsd.org>, questions@freebsd.org
Subject:   Re: iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability
Message-ID:  <452C7765.5080403@freebsd.org>
In-Reply-To: <20061010201630.aabaf1a4.wmoran@collaborativefusion.com>
References:  <20061010185141.ce3e7134.wmoran@collaborativefusion.com> <452C25A2.6080809@freebsd.org> <20061010201630.aabaf1a4.wmoran@collaborativefusion.com>

Bill Moran wrote:
> Colin Percival <cperciva@freebsd.org> wrote:
>> This is a local denial of service bug, which was fixed 6 weeks ago in HEAD
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^
> That was what I expected.  Section III seems to hint that it could be
> used by an unprivileged user to crash or lock a system.

Yes.  An unprivileged user who is able to execute code on an affected system
can cause a kernel panic.  There are a variety of reasons for not treating
bugs like this as security issues; the strongest reason imho is that if one
of your users is making a system crash, you can disable his account and call
the police.

> BTW, are you going to be at NYCBSDCon?

No -- I only go to conferences if I have a paper to present.

Colin Percival



