From owner-freebsd-security Sun May 21 11: 8:53 2000 Delivered-To: freebsd-security@freebsd.org Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207]) by hub.freebsd.org (Postfix) with ESMTP id E723337B5D4 for ; Sun, 21 May 2000 11:08:48 -0700 (PDT) (envelope-from cjc@cc942873-a.ewndsr1.nj.home.com) Received: (from cjc@localhost) by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id OAA97367 for freebsd-security@freebsd.org; Sun, 21 May 2000 14:08:47 -0400 (EDT) (envelope-from cjc) Date: Sun, 21 May 2000 14:08:47 -0400 From: "Crist J. Clark" To: freebsd-security@freebsd.org Subject: The procfs Hole in 2.2.8-STABLE? Message-ID: <20000521140847.G96573@cc942873-a.ewndsr1.nj.home.com> Reply-To: cjclark@home.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I just want to verify something before I cause myself some pain. From the wording of FreeBSD-SA-00:01, ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:02.procfs.asc Am I to take it that 2.2.8-STABLE would be vulnerable? The following seems to imply it, "Unfortunately, throughout these three years it was still possible to abuse /proc/pid/mem in a similar, though more complicated fashion, which could lead to local root compromise." Since the 2.2.x branch was the RELEASE and STABLE branch for a good part of that three years. It just occured to me recently that the UW IMAP vulnerability that allows users to get a shell combined with a procfs hole would be a Bad Thing on an old 2.2.8-STABLE mailserver I have. I'm not going to go through the pain of upgrading the OS that machine except for security reasons (it's been fine for two years, why fix what ain't broke). Do I need to do upgrade it? Maybe I'll just umount /proc. -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message