From owner-freebsd-security Thu Feb 26 21:58:46 1998
Return-Path:
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id VAA26641
          for freebsd-security-outgoing; Thu, 26 Feb 1998 21:58:46 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from rf900.physics.usyd.edu.au (rf900.physics.usyd.edu.au [129.78.129.109])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA26604;
          Thu, 26 Feb 1998 21:58:02 -0800 (PST)
          (envelope-from dawes@rf900.physics.usyd.edu.au)
Received: (from dawes@localhost)
          by rf900.physics.usyd.edu.au (8.8.5/8.8.2) id QAA09092;
          Fri, 27 Feb 1998 16:57:30 +1100 (EST)
Message-ID: <19980227165729.27270@rf900.physics.usyd.edu.au>
Date: Fri, 27 Feb 1998 16:57:29 +1100
From: David Dawes
To: Mike Smith
Cc: Cy Schubert - ITSD Open Systems Group , tqbf@secnet.com, freebsd-security@FreeBSD.ORG, security-officer@FreeBSD.ORG
Subject: Re: OpenBSD Security Advisory: mmap() Problem
References: <199802270423.UAA01955@cwsys.cwsent.com> <199802270543.VAA26437@dingo.cdrom.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.69
In-Reply-To: <199802270543.VAA26437@dingo.cdrom.com>; from Mike Smith on Thu, Feb 26, 1998 at 09:43:49PM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

On Thu, Feb 26, 1998 at 09:43:49PM -0800, Mike Smith wrote:
>> I've ported this patch to FreeBSD 2.2.5R. XIG's Accelerated X server
>> crashes trying to access the VT. To get the XIG Accelerated X server
>> to work I've modified the patch to allow superuser access to
>> character devices. I'm not sure what other applications could break
>> because of the originally posted patch or my modified patch, so
>> additional study needs to be done.
>
>This modification effectively defeats much of the actual usefulness of
>the patch. The bug is a second-order security risk in that an attacker
>must already have obtained at least group kmem before she can take
>advantage of it. I don't (at this point) think that we want to go
>ahead with this until we hear from XIG.

Does anyone know if it crashes an XFree86 server? XFree86 has a new
release about to come out, and if there might be a problem here it
would be good for us to know about it now.

David