From: Cy Schubert - ITSD Open Systems Group
To: cjclark@home.com
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: The procfs Hole in 2.2.8-STABLE?
In-reply-to: Your message of "Sun, 21 May 2000 14:08:47 EDT." <20000521140847.G96573@cc942873-a.ewndsr1.nj.home.com>
Message-Id: <200005211819.e4LIJSX67798@cwsys.cwsent.com>
Date: Sun, 21 May 2000 11:19:22 -0700

In message <20000521140847.G96573@cc942873-a.ewndsr1.nj.home.com>, "Crist J. Clark" writes:
> I just want to verify something before I cause myself some pain. From
> the wording of FreeBSD-SA-00:01,
>
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:02.procfs.asc
>
> Am I to take it that 2.2.8-STABLE would be vulnerable? The following
> seems to imply it,
>
> "Unfortunately, throughout these three years it was still possible to
> abuse /proc/pid/mem in a similar, though more complicated fashion,
> which could lead to local root compromise."
>
> Since the 2.2.x branch was the RELEASE and STABLE branch for a good
> part of that three years.
>
> It just occurred to me recently that the UW IMAP vulnerability that
> allows users to get a shell combined with a procfs hole would be a Bad
> Thing on an old 2.2.8-STABLE mailserver I have. I'm not going to go
> through the pain of upgrading the OS on that machine except for security
> reasons (it's been fine for two years, why fix what ain't broke).
>
> Do I need to upgrade it? Maybe I'll just umount /proc.

Just umount /proc, though ps won't display the command line and gdb
won't work.

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC