From owner-freebsd-stable Sun Feb 25 16:42:50 2001 Delivered-To: freebsd-stable@freebsd.org Received: from awww.jeah.net (awww.jeah.net [216.111.239.130]) by hub.freebsd.org (Postfix) with ESMTP id 0143F37B4EC for ; Sun, 25 Feb 2001 16:42:47 -0800 (PST) (envelope-from chris@jeah.net) Received: from localhost (chris@localhost) by awww.jeah.net (8.11.1/8.11.0) with ESMTP id f1Q0gTm16165; Sun, 25 Feb 2001 18:42:30 -0600 (CST) (envelope-from chris@jeah.net) Date: Sun, 25 Feb 2001 18:42:29 -0600 (CST) From: Chris Byrnes To: FreeBSD Stable Cc: Jonathan Slivko Subject: Re: Possible Security Vulnerability In-Reply-To: <20010225163636.H767@ohm.physics.purdue.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > On Sun, Feb 25, 2001 at 04:32:04PM -0500, Jonathan Slivko wrote: > > I have been testing the security on my machine (FreeBSD 4.2-STABLE) and > > I noticed a bug that could potentially reboot a box from any type of user, > > root or regular user. What I did was I just gave the box a whole bunch of w > > commands like w;w;w;w;w, etc. and just let that run. A few seconds later, > > the box coredumped and rebooted. I got this to occur several times in a row. > > Is this some kind of known vulnerability or is this just something that will > > have to be investigated further? If interested in more details, please feel > > free to e-mail me. Thanks. > > That's not a security vulnerability (ie defined as something which gives > an attacker elevated privileges), that's a bug. Nevertheless, I can't > reproduce it.. possibly because you've given next to nothing as far as > details go. That's a pretty well-known "bug". If you do anything on a machine "too much" to a point the system can't handle the commands, it'll either just fork the new processes, or reboot itself. Nothing new. -Chris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message