Date: Mon, 27 Nov 2006 16:07:56 +0000 (UTC) From: "Michael Richards" <michael@fastmail.ca> To: freebsd-security@freebsd.org Cc: lboehne@damogran.de Subject: Re: freebsd-security Digest, Vol 187, Issue 4 Message-ID: <20061127160757.1DE97861514@mail.fastmail.ca> In-Reply-To: <20061125120036.4D7F216A5FC@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> [It's just a panic]
> I was so transfixed on Josh stating that the attacker could as well
> just mount a filesystem with suid root binaries and how that would be
> more useful than a buffer overflow in the filesystem driver. I totally
> missed the fact that we were talking about two bugs where the kernel
> deliberately called panic() ;).
>
> So in this case I'd agree that the panic() is undesirable, but not
> really a security issue.
In the past we have considered remote DOS type attacks to be a security
issue. In this case people discount it saying if the user has physical
access then it's game over anyway. Althought not as serious as privilege
escalation bugs I would have to say that mounting a user's USB drive
shouldn't allow the system to crash. How about something to force a fsck
before allowing the mount? Would that always catch it?
-Michael
_________________________________________________________________
http://fastmail.ca/ - Fast Secure Web Email for Canadians
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061127160757.1DE97861514>