Date: Mon, 12 Jul 1999 14:29:51 -0400 From: "David E. Cross" <crossd@cs.rpi.edu> To: Scott Michel <scottm@CS.UCLA.EDU> Cc: freebsd-current@FreeBSD.ORG, crossd@cs.rpi.edu Subject: Re: Just the kind of news we needed... Message-ID: <199907121829.OAA86475@cs.rpi.edu> In-Reply-To: Message from Scott Michel <scottm@CS.UCLA.EDU> of "Mon, 12 Jul 1999 10:47:33 PDT." <199907121747.KAA02111@mordred.cs.ucla.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
> If you haven't /.'d today, there's a news article purporting that > FreeBSD can be exploited via kernel modules: > > > http://thc.pimmel.com/ I did a quick read of that, I don't see how the system is being exploited at all. All of their tricks need to be able to load a kernel module in order for them to work. And you need to be root to load a kernel module (unless I missed something). That's sort of like saying it is an exploit for root to be able to edit the password file or 'su - userj'. -- David Cross | email: crossd@cs.rpi.edu Systems Administrator/Research Programmer | Web: http://www.cs.rpi.edu/~crossd Rensselaer Polytechnic Institute, | Ph: 518.276.2860 Department of Computer Science | Fax: 518.276.4033 I speak only for myself. | WinNT:Linux::Linux:FreeBSD To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199907121829.OAA86475>