From owner-freebsd-security@FreeBSD.ORG  Sat Jul 31 12:55:59 2010
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 94E481065675
	for <freebsd-security@freebsd.org>;
	Sat, 31 Jul 2010 12:55:59 +0000 (UTC)
	(envelope-from kostikbel@gmail.com)
Received: from mail.zoral.com.ua (mx0.zoral.com.ua [91.193.166.200])
	by mx1.freebsd.org (Postfix) with ESMTP id 11B4B8FC14
	for <freebsd-security@freebsd.org>;
	Sat, 31 Jul 2010 12:55:58 +0000 (UTC)
Received: from deviant.kiev.zoral.com.ua (root@deviant.kiev.zoral.com.ua
	[10.1.1.148])
	by mail.zoral.com.ua (8.14.2/8.14.2) with ESMTP id o6VCfaB5033038
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Sat, 31 Jul 2010 15:41:36 +0300 (EEST)
	(envelope-from kostikbel@gmail.com)
Received: from deviant.kiev.zoral.com.ua (kostik@localhost [127.0.0.1])
	by deviant.kiev.zoral.com.ua (8.14.4/8.14.4) with ESMTP id
	o6VCfaZr089627; Sat, 31 Jul 2010 15:41:36 +0300 (EEST)
	(envelope-from kostikbel@gmail.com)
Received: (from kostik@localhost)
	by deviant.kiev.zoral.com.ua (8.14.4/8.14.4/Submit) id o6VCfaOE089626; 
	Sat, 31 Jul 2010 15:41:36 +0300 (EEST)
	(envelope-from kostikbel@gmail.com)
X-Authentication-Warning: deviant.kiev.zoral.com.ua: kostik set sender to
	kostikbel@gmail.com using -f
Date: Sat, 31 Jul 2010 15:41:36 +0300
From: Kostik Belousov <kostikbel@gmail.com>
To: Selphie Keller <selphie.keller@gmail.com>
Message-ID: <20100731124136.GN22295@deviant.kiev.zoral.com.ua>
References: <235BB726E71747BA980A0EF60F76ED37@2WIRE304>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="9j9z4uig7ElIUlwi"
Content-Disposition: inline
In-Reply-To: <235BB726E71747BA980A0EF60F76ED37@2WIRE304>
User-Agent: Mutt/1.4.2.3i
X-Virus-Scanned: clamav-milter 0.95.2 at skuns.kiev.zoral.com.ua
X-Virus-Status: Clean
X-Spam-Status: No, score=-2.6 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_20,
	DNS_FROM_OPENWHOIS autolearn=no version=3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
	skuns.kiev.zoral.com.ua
Cc: freebsd-security@freebsd.org
Subject: Re: kernel module for chmod restrictions while in securelevel one
	or higher
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Jul 2010 12:55:59 -0000


--9j9z4uig7ElIUlwi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Jul 30, 2010 at 11:18:39PM -0700, Selphie Keller wrote:
> Kernel module for chmod restrictions while in securelevel one or higher:
> http://gist.github.com/501800 (fbsd 8.x)
>=20
> Was looking at the new recent sendfile/mbuf exploit and it was using a
> shellcode that calls chmod syscall to make a setuid/setgid binary. However
Can you point to the exploit (code) ?

--9j9z4uig7ElIUlwi
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (FreeBSD)

iEYEARECAAYFAkxUGgAACgkQC3+MBN1Mb4j7XgCeN3eeGinQ28eRSz/KRXPcL/uW
E0sAoOyFDWeOQasKxsr8aMgjahuKr7iP
=fWxs
-----END PGP SIGNATURE-----

--9j9z4uig7ElIUlwi--