From owner-freebsd-security@FreeBSD.ORG Mon Nov 27 16:18:01 2006
From: "Michael Richards"
To: freebsd-security@freebsd.org
Cc: lboehne@damogran.de
Date: Mon, 27 Nov 2006 16:07:56 +0000 (UTC)
Subject: Re: freebsd-security Digest, Vol 187, Issue 4
In-Reply-To: <20061125120036.4D7F216A5FC@hub.freebsd.org>
Message-Id: <20061127160757.1DE97861514@mail.fastmail.ca>

> [It's just a panic]
> I was so transfixed on Josh stating that the attacker could as well
> just mount a filesystem with suid root binaries and how that would be
> more useful than a buffer overflow in the filesystem driver. I totally
> missed the fact that we were talking about two bugs where the kernel
> deliberately called panic() ;).
>
> So in this case I'd agree that the panic() is undesirable, but not
> really a security issue.

In the past we have considered remote DOS type attacks to be a security issue. In this case people discount it saying if the user has physical access then it's game over anyway. Although not as serious as privilege escalation bugs, I would have to say that mounting a user's USB drive shouldn't allow the system to crash.

How about something to force a fsck before allowing the mount? Would that always catch it?

-Michael