From owner-freebsd-current  Mon Jul 12 11:31:39 1999
Delivered-To: freebsd-current@freebsd.org
Received: from cs.rpi.edu (mumble.cs.rpi.edu [128.213.8.16])
	by hub.freebsd.org (Postfix) with ESMTP id 13812151A2
	for <freebsd-current@FreeBSD.ORG>; Mon, 12 Jul 1999 11:31:28 -0700 (PDT)
	(envelope-from crossd@cs.rpi.edu)
Received: from cs.rpi.edu (phoenix.cs.rpi.edu [128.113.96.153])
	by cs.rpi.edu (8.9.3/8.9.3) with ESMTP id OAA86475;
	Mon, 12 Jul 1999 14:29:55 -0400 (EDT)
Message-Id: <199907121829.OAA86475@cs.rpi.edu>
To: Scott Michel <scottm@CS.UCLA.EDU>
Cc: freebsd-current@FreeBSD.ORG, crossd@cs.rpi.edu
Subject: Re: Just the kind of news we needed... 
In-Reply-To: Message from Scott Michel <scottm@CS.UCLA.EDU> 
   of "Mon, 12 Jul 1999 10:47:33 PDT." <199907121747.KAA02111@mordred.cs.ucla.edu> 
Date: Mon, 12 Jul 1999 14:29:51 -0400
From: "David E. Cross" <crossd@cs.rpi.edu>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> If you haven't /.'d today, there's a news article purporting that
> FreeBSD can be exploited via kernel modules:
> 
> 
> http://thc.pimmel.com/
I did a quick read of that, I don't see how the system is being exploited
at all.  All of their tricks need to be able to load a kernel module in
order for them to work.  And you need to be root to load a kernel module
(unless I missed something).  That's sort of like saying it is an exploit
for root to be able to edit the password file or 'su - userj'.

--
David Cross                               | email: crossd@cs.rpi.edu 
Systems Administrator/Research Programmer | Web: http://www.cs.rpi.edu/~crossd 
Rensselaer Polytechnic Institute,         | Ph: 518.276.2860            
Department of Computer Science            | Fax: 518.276.4033
I speak only for myself.                  | WinNT:Linux::Linux:FreeBSD


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message