From owner-freebsd-security@FreeBSD.ORG  Wed Oct 11 04:48:49 2006
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7134B16A412
	for <freebsd-security@freebsd.org>;
	Wed, 11 Oct 2006 04:48:49 +0000 (UTC)
	(envelope-from cperciva@freebsd.org)
Received: from pd5mo2so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net
	[24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id CAD5143D58
	for <freebsd-security@freebsd.org>;
	Wed, 11 Oct 2006 04:48:48 +0000 (GMT)
	(envelope-from cperciva@freebsd.org)
Received: from pd4mr6so.prod.shaw.ca (pd4mr6so-qfe3.prod.shaw.ca [10.0.141.69])
	by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15
	2004)) with ESMTP id <0J6Y00GJ8FZCUY10@l-daemon> for
	freebsd-security@freebsd.org; Tue, 10 Oct 2006 22:47:36 -0600 (MDT)
Received: from pn2ml4so.prod.shaw.ca ([10.0.121.148])
	by pd4mr6so.prod.shaw.ca (Sun ONE Messaging Server 6.0 HotFix 1.01
	(built Mar
	15 2004)) with ESMTP id <0J6Y00AMXFZCBGM0@pd4mr6so.prod.shaw.ca> for
	freebsd-security@freebsd.org; Tue, 10 Oct 2006 22:47:36 -0600 (MDT)
Received: from hexahedron.daemonology.net ([24.82.18.31])
	by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15
	2004)) with SMTP id <0J6Y006G1FZBDL80@l-daemon> for
	freebsd-security@freebsd.org; Tue, 10 Oct 2006 22:47:36 -0600 (MDT)
Received: (qmail 52732 invoked from network); Wed, 11 Oct 2006 04:47:33 +0000
Received: from unknown (HELO ?127.0.0.1?) (127.0.0.1)
	by localhost with SMTP; Wed, 11 Oct 2006 04:47:33 +0000
Date: Tue, 10 Oct 2006 21:47:33 -0700
From: Colin Percival <cperciva@freebsd.org>
In-reply-to: <20061010201630.aabaf1a4.wmoran@collaborativefusion.com>
To: Bill Moran <wmoran@collaborativefusion.com>
Message-id: <452C7765.5080403@freebsd.org>
MIME-version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: 7bit
X-Enigmail-Version: 0.94.0.0
References: <20061010185141.ce3e7134.wmoran@collaborativefusion.com>
	<452C25A2.6080809@freebsd.org>
	<20061010201630.aabaf1a4.wmoran@collaborativefusion.com>
User-Agent: Thunderbird 1.5 (X11/20060416)
Cc: freebsd security <freebsd-security@freebsd.org>, questions@freebsd.org
Subject: Re: iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO
 Denial of Service Vulnerability
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Oct 2006 04:48:49 -0000

Bill Moran wrote:
> Colin Percival <cperciva@freebsd.org> wrote:
>> This is a local denial of service bug, which was fixed 6 weeks ago in HEAD
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^
> That was what I expected.  Section III seems to hint that it could be
> used by an unprivilidged user to crash or lock a system.

Yes.  An unprivileged user who is able to execute code on an affected system
can cause a kernel panic.  There are a variety of reasons for not treating
bugs like this as security issues; the strongest reason imho is that if one
of your users is making a system crash, you can disable his account and call
the police.

> BTW, are you going to be at NYCBSDCon?

No -- I only go to conferences if I have a paper to present.

Colin Percival