From owner-freebsd-chat Thu Feb 8 2: 7:58 2001 Delivered-To: freebsd-chat@freebsd.org Received: from nef.ens.fr (nef.ens.fr [129.199.96.32]) by hub.freebsd.org (Postfix) with ESMTP id D4C7C37B491 for ; Thu, 8 Feb 2001 02:07:37 -0800 (PST) Received: from corto.lpt.ens.fr (corto.lpt.ens.fr [129.199.122.2]) by nef.ens.fr (8.10.1/1.01.28121999) with ESMTP id f18A7a437476 ; Thu, 8 Feb 2001 11:07:36 +0100 (CET) Received: from (rsidd@localhost) by corto.lpt.ens.fr (8.9.3/jtpda-5.3.1) id LAA04915 ; Thu, 8 Feb 2001 11:07:36 +0100 (CET) Date: Thu, 8 Feb 2001 11:07:36 +0100 From: Rahul Siddharthan To: Brett Glass Cc: Paul Richards , chat@FreeBSD.ORG Subject: Re: Laugh: [Fwd: Microsoft Security Bulletin MS01-008] Message-ID: <20010208110736.F2429@lpt.ens.fr> References: <3A81DDC9.EF6D7D84@originative.co.uk> <4.3.2.7.2.20010207233106.0458f7c0@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <4.3.2.7.2.20010207233106.0458f7c0@localhost>; from brett@lariat.org on Wed, Feb 07, 2001 at 11:32:02PM -0700 X-Operating-System: FreeBSD 3.4-STABLE i386 Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Brett Glass said on Feb 7, 2001 at 23:32:02: > At 04:44 PM 2/7/2001, Paul Richards wrote: > > >You've gotta laugh really, a root compromise exists and the mitigating > >controls are to not let anyone use the box! > > What's the difference between this and the recent procfs local root > exploit in FreeBSD? Maybe this: that the FreeBSD advisory doesn't consider it a "mitigating control" that only local users with permission to run arbitrary programs can exploit it, or claim that "best practices recommend against this"? R To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message