Date: Mon, 18 Dec 2000 19:14:09 +0300 From: Vladimir Dubrovin <vlad@sandy.ru> To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:77.procfs Message-ID: <156200781518.20001218191409@sandy.ru> In-Reply-To: <20001218153619.071BE37B400@hub.freebsd.org> References: <20001218153619.071BE37B400@hub.freebsd.org>
index | next in thread | previous in thread | raw e-mail
Hello FreeBSD Security Advisories,
As far as I remember this issue was patched twice - in 1997 and in
January 2000. Do I miss something?
18.12.00 18:36, you wrote: FreeBSD Security Advisory: FreeBSD-SA-00:77.procfs;
F> 1) Unprivileged local users can gain superuser privileges due to
F> insufficient access control checks on the /proc/<pid>/mem and
F> /proc/<pid>/ctl files, which gives access to a process address space
F> and perform various control operations on the process respectively.
F> The attack proceeds as follows: the attacker can fork() a child
F> process and map the address space of the child in the parent. The
F> child process then exec()s a utility which runs with root or other
F> increased privileges. The parent process incorrectly retains read and
F> write access to the address space of the child process which is now
F> running with increased privileges, and can modify it to execute
F> arbitrary code with those privileges.
--
Vladimir Dubrovin Sandy, ISP
Sandy CCd chief Customers Care dept
http://www.sandy.ru Nizhny Novgorod, Russia
http://www.security.nnov.ru
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?156200781518.20001218191409>