From owner-freebsd-hackers@FreeBSD.ORG  Tue Oct 21 09:30:39 2003
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6852A16A4C3
	for <hackers@freebsd.org>; Tue, 21 Oct 2003 09:30:39 -0700 (PDT)
Received: from obsecurity.dyndns.org
	(adsl-63-207-60-234.dsl.lsan03.pacbell.net [63.207.60.234])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9A8AC43FE0
	for <hackers@freebsd.org>; Tue, 21 Oct 2003 09:30:38 -0700 (PDT)
	(envelope-from kris@obsecurity.org)
Received: from rot13.obsecurity.org (rot13.obsecurity.org [10.0.0.5])
	by obsecurity.dyndns.org (Postfix) with ESMTP
	id 6188766C9E; Tue, 21 Oct 2003 09:30:38 -0700 (PDT)
Received: by rot13.obsecurity.org (Postfix, from userid 1000)
	id 36012A72; Tue, 21 Oct 2003 09:30:38 -0700 (PDT)
Date: Tue, 21 Oct 2003 09:30:38 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Kip Macy <kmacy@fsmware.com>
Message-ID: <20031021163038.GA66101@rot13.obsecurity.org>
References: <20031020134532.B63978@demos.bsdclusters.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="EVF5PPMfhYS0aIcm"
Content-Disposition: inline
In-Reply-To: <20031020134532.B63978@demos.bsdclusters.com>
User-Agent: Mutt/1.4.1i
cc: hackers@freebsd.org
Subject: Re: process checkpoint restore facility now in DragonFly BSD
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Oct 2003 16:30:39 -0000


--EVF5PPMfhYS0aIcm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Mon, Oct 20, 2003 at 01:52:07PM -0700, Kip Macy wrote:

> Please note that there are *SEVERE* security issues with this module.
> The module is not loaded into the kernel by default and, when loaded,
> can only be used by users in the wheel group.

Why the wheel group?  Until now, the only special privilege this group
has is that users are allowed to su to root, if they knew the
password.  It looks like now you've removed the root password barrier
and allow anyone in the wheel group to manipulate processes to obtain
root without a password :-)

Kris

--EVF5PPMfhYS0aIcm
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQE/lV8tWry0BWjoQKURAkh8AKCK5wo+JjWpt0g6oUz8/NvAPjaidQCfSBUC
H7QvdOZuN39B9pQEz3Z8Epw=
=1ctB
-----END PGP SIGNATURE-----

--EVF5PPMfhYS0aIcm--