From owner-freebsd-security@FreeBSD.ORG Wed Jun 16 09:05:10 2010
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx2.freebsd.org (mx2.freebsd.org [IPv6:2001:4f8:fff6::35])
	by hub.freebsd.org (Postfix) with ESMTP id 04A1F1065680
	for ; Wed, 16 Jun 2010 09:05:10 +0000 (UTC)
	(envelope-from cperciva@freebsd.org)
Received: from xps.daemonology.net (freefall.freebsd.org [IPv6:2001:4f8:fff6::28])
	by mx2.freebsd.org (Postfix) with SMTP id 36B1B1539A8
	for ; Wed, 16 Jun 2010 09:05:04 +0000 (UTC)
Received: (qmail 37488 invoked from network); 16 Jun 2010 09:05:03 -0000
Received: from unknown (HELO xps.daemonology.net) (127.0.0.1)
	by localhost with SMTP; 16 Jun 2010 09:05:03 -0000
Message-ID: <4C1893BF.30204@freebsd.org>
Date: Wed, 16 Jun 2010 02:05:03 -0700
From: FreeBSD Security Officer
Organization: FreeBSD Project
User-Agent: Thunderbird 2.0.0.24 (X11/20100329)
MIME-Version: 1.0
To: freebsd security
X-Enigmail-Version: 0.96.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: alleged freebsd local root exploit youtube video
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: security-officer@freebsd.org
List-Id: "Security issues [members-only posting]"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 16 Jun 2010 09:05:10 -0000

Hi all,

Several people have written to me over the past couple of days to ask about a youtube video which allegedly shows a local root vulnerability in 8.1-beta1 being exploited.

It is possible that the video is real and someone has found a vulnerability. It is also possible that the video is completely fake. There is no evidence on the video which is remotely conclusive in either direction. Given that the producer of the video doesn't seem to know how to spell my name (one L, not two!) I'm inclined to suspect the latter.

If the producer of the video has in fact discovered a FreeBSD vulnerability, I would invite him to contact secteam@freebsd.org; he would get his name in the Credits section of the resulting advisory. Otherwise, I suggest that youtube videos of this nature be ignored.

-- 
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid