From owner-freebsd-security Sat Feb 28 11:53:57 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id LAA12175
    for freebsd-security-outgoing; Sat, 28 Feb 1998 11:53:57 -0800 (PST)
    (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from burka.rdy.com (dima@burka.rdy.com [205.149.163.30])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA12153
    for ; Sat, 28 Feb 1998 11:53:52 -0800 (PST)
    (envelope-from dima@burka.rdy.com)
Received: by burka.rdy.com id LAA25341;
    (8.8.8/RDY) Sat, 28 Feb 1998 11:53:49 -0800 (PST)
Message-Id: <199802281953.LAA25341@burka.rdy.com>
Subject: Re: OpenBSD Security Advisory: mmap() Problem
In-Reply-To: <199802281833.NAA13156@khavrinen.lcs.mit.edu> from Garrett Wollman at "Feb 28, 98 01:33:18 pm"
To: wollman@khavrinen.lcs.mit.edu (Garrett Wollman)
Date: Sat, 28 Feb 1998 11:53:49 -0800 (PST)
Cc: dima@best.net, freebsd-security@FreeBSD.ORG
X-Class: Fast
Organization: HackerDome
Reply-To: dima@best.net
From: dima@best.net (Dima Ruban)
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

Garrett Wollman writes:
>
> > This is not entirely correct. Take a look at OpenBSD's /etc/rc.securelevel.
> > Everything that should have write access to /dev/*mem should be started
> > before securelevel is bumped.
>
> And then all you have to do is compromise one of those programs...
>
> There is a legitimate purpose for starting programs that early, but I
> don't think running an insecure X server is one of them.

Well, please define "insecure X server".
Personally, I don't know about any security bugs in it.

>
> -GAWollman
>
> --
> Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
> wollman@lcs.mit.edu  | O Siem / The fires of freedom
> Opinions not those of| Dance in the burning flame
> MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick
>

-- dima

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message