From owner-freebsd-security Fri Feb 27 14:34:48 1998
Return-Path:
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id OAA13644
          for freebsd-security-outgoing; Fri, 27 Feb 1998 14:34:48 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from dingo.cdrom.com (dingo.cdrom.com [204.216.28.145])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA13601
          for ; Fri, 27 Feb 1998 14:34:29 -0800 (PST)
          (envelope-from mike@dingo.cdrom.com)
Received: from dingo.cdrom.com (localhost [127.0.0.1])
          by dingo.cdrom.com (8.8.8/8.8.5) with ESMTP id OAA29161;
          Fri, 27 Feb 1998 14:31:27 -0800 (PST)
Message-Id: <199802272231.OAA29161@dingo.cdrom.com>
X-Mailer: exmh version 2.0zeta 7/24/97
To: Eivind Eklund
cc: Garrett Wollman, Cy Schubert - ITSD Open Systems Group, freebsd-security@FreeBSD.ORG
Subject: Re: OpenBSD Security Advisory: mmap() Problem
In-reply-to: Your message of "Fri, 27 Feb 1998 17:09:54 +0100." <19980227170953.30435@follo.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 27 Feb 1998 14:31:26 -0800
From: Mike Smith
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

> On Fri, Feb 27, 1998 at 10:01:50AM -0500, Garrett Wollman wrote:
> > < said:
> >
> > > crashes trying to access the VT.  To get the XIG Accelerated X server
> > > to work I've modified the patch to allow superuser access to
> > > character devices.
> >
> > That would be pointless.
>
> It'd kill the securelevel facility, but it would still remove the kmem
> => root exploits.  But it isn't good enough, I agree.  Perhaps denying
> the transition only when !(root || securelevel > -1) would be a
> potential solution?  It'd allow AccelX to keep working (AFAIK, it
> won't work with securelevel > 0 anyway) and it would stop all real
> violations I can think of

The fundamental question still hasn't been answered; as Bruce asked,
why are mmap operations on readonly character devices promoted to
readwrite in the first place?

-- 
\\  Sometimes you're ahead,       \\  Mike Smith
\\  sometimes you're behind.      \\  mike@smith.net.au
\\  The race is long, and in the  \\  msmith@freebsd.org
\\  end it's only with yourself.  \\  msmith@cdrom.com