Date: Mon, 15 Apr 2002 10:53:25 +1000 (Australia/ACT)
From: Darren Reed <avalon@coombs.anu.edu.au>
To: list@rachinsky.de (Nicolas Rachinsky)
Cc: security@FreeBSD.ORG
Subject: Re: [Corrected message] This OpenBSD local root hole may affect some FreeBSD systems
Message-ID: <200204150053.KAA22843@caligula.anu.edu.au>
In-Reply-To: <20020411204516.GA51239@pc5.abc> from "Nicolas Rachinsky" at Apr 11, 2002 10:45:17 PM

In some mail from Nicolas Rachinsky, sie said:
>
> * Brett Glass <brett@lariat.org> [2002-04-11 14:12:01 -0600]:
> > [This is a corrected version of the previous message, which omitted
> > the word "isn't" near the beginning of the second paragraph.]
> >
> > The vulnerability described in the message below is a classic
> > "in-band signalling" problem that may give an unauthorized user
> > the ability to run an arbitrary command as root.
> >
> > Fortunately, the vulnerability isn't present in FreeBSD's daily, weekly,
> > and monthly maintenance scripts, because they use sendmail rather
> > than /bin/mail. Nonetheless, the same patch should be applied to
> > FreeBSD's /bin/mail due to the possibility that other privileged
> > utilities (or user-written scripts) might use /bin/mail instead of
> > sendmail to create e-mail messages.
>
> man mail says:
> -I Forces mail to run in interactive mode even when input is not a
>    terminal. In particular, the `~' special character when sending
>    mail is only active in interactive mode.

As I'm sure others have already pointed out: OpenBSD re-introduced this bug
themselves in OpenBSD. It has been fixed everywhere else for some time.

Things like this little incident are good to take note of so when someone
is saying: "but OpenBSD has better security" you can say: "Really? They
seem to add as many security bugs by themselves as they fix".
(or similar - you get the idea).

The general idea being for an O/S that prides itself on "security" and
"code auditing", you'd think they'd know better than to reintroduce
old security bugs.

In OpenSSH's lifetime, there have been 7 security bugs in it and only 4
in ssh.com's version. Another OpenSSH bug and that'll be twice as many
as for ssh.com. All of those 7 have been introduced by the OpenSSH
programmers.

Darren

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
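
Added example (not part of Darren Reed's message or the posts it quotes): a stopgap for scripts that still pipe data into /bin/mail, the case the quoted text warns about, next to the /bin/mail patch and the switch to sendmail that the thread itself recommends. The helper names neutralize_tilde and audit_mail_use are hypothetical, the mailx and /usr/bin/ spellings are assumptions, and the sample script is constructed.

```sh
#!/bin/sh
# Added example, not code from the thread. All sample lines are constructed.

# Defensive filter: put a space in front of any line starting with '~',
# so a mail(1) that honours tilde escapes on piped input never sees
# one in column 1. Other lines pass through unchanged.
neutralize_tilde() {
    sed 's/^~/ ~/'
}

# Audit: list script lines that pipe data into mail, mailx or /bin/mail.
# Lines using -I (which the man page says forces interactive mode) are
# reported as "forced-interactive"; comments, sendmail pipelines and
# lines already routed through neutralize_tilde are not reported.
# Output format: file:line:kind
audit_mail_use() {
    awk '
        /^[ \t]*#/         { next }
        /neutralize_tilde/ { next }
        /\|[ \t]*(\/bin\/|\/usr\/bin\/)?mailx?([ \t]|$)/ {
            kind = ($0 ~ /[ \t]-[A-Za-z]*I/) ? "forced-interactive" : "piped-input"
            printf "%s:%d:%s\n", FILENAME, FNR, kind
        }
    ' "$@"
}

# Demo on a constructed maintenance script (hypothetical contents).
demo() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
#!/bin/sh
df -h | mail -s "disk report" root
cat "$upload" | /bin/mail -I -s "upload" admin
cat "$upload" | neutralize_tilde | mail -s "upload" admin
df -h | sendmail -t
EOF
    audit_mail_use "$sample"
    printf '%s\n' 'hello' '~x constructed line' | neutralize_tilde
    rm -f "$sample"
}
demo
```

The filter changes message text by one leading space on affected lines, which is why it is only a stopgap for scripts that cannot yet be moved off /bin/mail.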
