From owner-freebsd-security Mon Dec 18 8:16:45 2000 From owner-freebsd-security@FreeBSD.ORG Mon Dec 18 08:16:44 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from adm.sci-nnov.ru (adm.sci-nnov.ru [195.122.226.2]) by hub.freebsd.org (Postfix) with ESMTP id DC9AF37B400 for ; Mon, 18 Dec 2000 08:16:42 -0800 (PST) Received: from anonymous.sandy.ru (anonymous.sandy.ru [195.122.226.40]) by adm.sci-nnov.ru (8.9.3/Dmiter-4.1-AGK-0.5) with ESMTP id TAA05980 for ; Mon, 18 Dec 2000 19:14:08 +0300 (MSK) Date: Mon, 18 Dec 2000 19:14:09 +0300 From: Vladimir Dubrovin X-Mailer: The Bat! (v1.47 Halloween Edition) Reply-To: Vladimir Dubrovin Organization: Sandy Info X-Priority: 3 (Normal) Message-ID: <156200781518.20001218191409@sandy.ru> To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:77.procfs In-reply-To: <20001218153619.071BE37B400@hub.freebsd.org> References: <20001218153619.071BE37B400@hub.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello FreeBSD Security Advisories, As far as I remember this issue was patched twice - in 1997 and in January 2000. Do I miss something? 18.12.00 18:36, you wrote: FreeBSD Security Advisory: FreeBSD-SA-00:77.procfs; F> 1) Unprivileged local users can gain superuser privileges due to F> insufficient access control checks on the /proc//mem and F> /proc//ctl files, which gives access to a process address space F> and perform various control operations on the process respectively. F> The attack proceeds as follows: the attacker can fork() a child F> process and map the address space of the child in the parent. The F> child process then exec()s a utility which runs with root or other F> increased privileges. The parent process incorrectly retains read and F> write access to the address space of the child process which is now F> running with increased privileges, and can modify it to execute F> arbitrary code with those privileges. -- Vladimir Dubrovin Sandy, ISP Sandy CCd chief Customers Care dept http://www.sandy.ru Nizhny Novgorod, Russia http://www.security.nnov.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message