From owner-freebsd-security  Thu Feb 26 23:28:42 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id XAA12150
          for freebsd-security-outgoing; Thu, 26 Feb 1998 23:28:42 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from passer.osg.gov.bc.ca (0@passer.osg.gov.bc.ca [142.32.110.29])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA12099;
          Thu, 26 Feb 1998 23:28:27 -0800 (PST)
          (envelope-from cy@cschuber.net.gov.bc.ca)
Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.8.8/8.6.10) id XAA18263; Thu, 26 Feb 1998 23:28:25 -0800 (PST)
Received: from cschuber.net.gov.bc.ca(142.31.240.113), claiming to be "cwsys.cwsent.com"
 via SMTP by passer.osg.gov.bc.ca, id smtpdaatCqa; Thu Feb 26 23:28:15 1998
Received: (from uucp@localhost) by cwsys.cwsent.com (8.8.8/8.6.10) id XAA01171; Thu, 26 Feb 1998 23:28:09 -0800 (PST)
Message-Id: <199802270728.XAA01171@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys"
 via SMTP by localhost.cwsent.com, id smtpd001160; Fri Feb 27 07:27:47 1998
Reply-to: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca>
From: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca>
X-Mailer: MH
X-Sender: cy
To: David Dawes <dawes@rf900.physics.usyd.edu.au>
cc: Mike Smith <mike@smith.net.au>,
        Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca>,
        tqbf@secnet.com, freebsd-security@FreeBSD.ORG,
        security-officer@FreeBSD.ORG
Subject: Re: OpenBSD Security Advisory: mmap() Problem 
In-reply-to: Your message of "Fri, 27 Feb 1998 16:57:29 +1100."
             <19980227165729.27270@rf900.physics.usyd.edu.au> 
Date: Thu, 26 Feb 1998 23:27:46 -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

> On Thu, Feb 26, 1998 at 09:43:49PM -0800, Mike Smith wrote:
> >> I've ported this patch to FreeBSD 2.2.5R.  XIG's Accelerated X server 
> >> crashes trying to access the VT.  To get the XIG Accelerated X server 
> >> to work I've modified the patch to allow superuser to access to 
> >> character devices.  I'm not sure what other applications could break 
> >> because of the originally posted patch or my modified patch, so 
> >> additional study needs to be done.
> >
> >This modification effectively defeats much of the actual usefulness of 
> >the patch.  The bug is a second-order security risk in that an attacker 
> >must already have obtained at least group kmem before she can take 
> >advantage of it.  I don't (at this point) think that we want to go 
> >ahead with this until we hear from XIG.
> 
> Does anyone know if it crashes an XFree86 server.  XFree86 has a new
> release about to come out, and if there might be a problem here it
> would be good for us to know about it now.

It doesn't.  XF86 doesn't open /dev/mem read-only, then write to it like
the XIG X server does.

> 
> David



Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
UNIX Support                   OV/VM:  BCSC02(CSCHUBER)
ITSD                          BITNET:  CSCHUBER@BCSC02.BITNET
Government of BC            Internet:  cschuber@uumail.gov.bc.ca
                                       Cy.Schubert@gems8.gov.bc.ca


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message