Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 27 May 2004 12:46:02 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Richard Stevenson <richard@endace.com>
Cc:        questions@freebsd.org
Subject:   Re: your mail
Message-ID:  <20040527114602.GC9499@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <Pine.LNX.4.60.0405271034060.26063@zhba.rg.raqnpr.pbz>
References:  <Pine.LNX.4.60.0405271034060.26063@zhba.rg.raqnpr.pbz>
next in thread | previous in thread | raw e-mail | index | archive | help 

--YD3LsXFS42OYHhNZ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, May 27, 2004 at 10:36:48AM +1200, Richard Stevenson wrote:

> I've got a quick question about the most recent security advisory,=20
> FreeBSD-SA-04:11.msync.  I'm trying to figure out how big an issue it is=
=20
> (whether or not I need to stop everyone's access to the file server until=
=20
> it's patched), given that we've got no "untrusted" users on our systems.=
=20
> Does anyone know if it's possible for a user to trigger this problem=20
> unintentionally or accidentally?

You user would have to run some code programmed specially to produce
the effect.  Look at this thread on freebsd-hackers to see the problem
report that ultimately resulted in the security advisory:

    http://lists.freebsd.org/pipermail/freebsd-hackers/2004-March/006396.ht=
ml

As you can see, the first discovery was due to inadvertently
triggering the behaviour.  However, if the problem isn't happening to
you already, and you trust your users to the extent that they will not
deliberately set out to trigger such a thing, then you can probably
get away allowing your users to carry on accesssing your file server
for a while longer.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

--YD3LsXFS42OYHhNZ
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAtdT6iD657aJF7eIRAiWFAJ9E5UlM1gDN2ksumXpP5CrQG/HIcgCffqrO
dlzzyz2KfixVpQwkENuQEJ0=
=dGQ6
-----END PGP SIGNATURE-----

--YD3LsXFS42OYHhNZ--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040527114602.GC9499>