From owner-freebsd-security@FreeBSD.ORG  Tue Nov 28 16:45:48 2006
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 69C6516A47E
	for <freebsd-security@freebsd.org>;
	Tue, 28 Nov 2006 16:45:48 +0000 (UTC)
	(envelope-from alexander@leidinger.net)
Received: from redbull.bpaserver.net (redbullneu.bpaserver.net
	[213.198.78.217])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 64E1843E61
	for <freebsd-security@freebsd.org>;
	Tue, 28 Nov 2006 16:39:16 +0000 (GMT)
	(envelope-from alexander@leidinger.net)
Received: from outgoing.leidinger.net (p54A5E2EC.dip.t-dialin.net
	[84.165.226.236])
	by redbull.bpaserver.net (Postfix) with ESMTP id C7C882E238;
	Tue, 28 Nov 2006 17:38:39 +0100 (CET)
Received: from webmail.leidinger.net (webmail.Leidinger.net [192.168.1.102])
	by outgoing.leidinger.net (Postfix) with ESMTP id EE0E05B4C6C;
	Tue, 28 Nov 2006 17:38:17 +0100 (CET)
Received: (from www@localhost)
	by webmail.leidinger.net (8.13.8/8.13.8/Submit) id kASGcHeF081769;
	Tue, 28 Nov 2006 17:38:17 +0100 (CET)
	(envelope-from Alexander@Leidinger.net)
Received: from pslux.cec.eu.int (pslux.cec.eu.int [158.169.9.14]) by
	webmail.leidinger.net (Horde MIME library) with HTTP; Tue, 28 Nov 2006
	17:38:17 +0100
Message-ID: <20061128173817.r4bbex3h7kkg4ok8@webmail.leidinger.net>
X-Priority: 3 (Normal)
Date: Tue, 28 Nov 2006 17:38:17 +0100
From: Alexander Leidinger <Alexander@Leidinger.net>
To: Michael Richards <michael@fastmail.ca>
References: <20061127160757.1DE97861514@mail.fastmail.ca>
In-Reply-To: <20061127160757.1DE97861514@mail.fastmail.ca>
MIME-Version: 1.0
Content-Type: text/plain;
	charset=UTF-8;
	DelSp="Yes";
	format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
User-Agent: Internet Messaging Program (IMP) H3 (4.1.3) / FreeBSD-7.0
X-BPAnet-MailScanner-Information: Please contact the ISP for more information
X-BPAnet-MailScanner: Found to be clean
X-BPAnet-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
	score=-15.364, required 6, autolearn=not spam, BAYES_00 -15.00,
	DK_POLICY_SIGNSOME 0.00, FORGED_RCVD_HELO 0.14, SMILEY -0.50)
X-BPAnet-MailScanner-From: alexander@leidinger.net
X-Spam-Status: No
X-Mailman-Approved-At: Tue, 28 Nov 2006 17:01:05 +0000
Cc: freebsd-security@freebsd.org, lboehne@damogran.de
Subject: Re: freebsd-security Digest, Vol 187, Issue 4
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Nov 2006 16:45:48 -0000

Quoting Michael Richards <michael@fastmail.ca> (from Mon, 27 Nov 2006
16:07:56 +0000 (UTC)):

>> [It's just a panic]
>> I was so transfixed on Josh stating that the attacker could as well
>> just mount a filesystem with suid root binaries and how that would be
>> more useful than a buffer overflow in the filesystem driver. I totally
>> missed the fact that we were talking about two bugs where the kernel
>> deliberately called panic() ;).
>>
>> So in this case I'd agree that the panic() is undesirable, but not
>> really a security issue.
>
> In the past we have considered remote DOS type attacks to be a security
> issue. In this case people discount it saying if the user has physical
> access then it's game over anyway. Although not as serious as privilege

As you said, this is not a remote attack. A local DOS is not nice and
should be fixed if feasible, but is not something we typically give as
high a priority as major security problems.

> escalation bugs I would have to say that mounting a user's USB drive
> shouldn't allow the system to crash. How about something to force a fsck
> before allowing the mount? Would that always catch it?

Maybe you fail to see how large the problem is: no filesystem we have
so far has enough protections for this kind of problem. Doing a fsck
may be a solution for a lot of possible problems in such a case, but
  - you don't want to force a fsck of a multi-GB USB harddisk, the
    user will run away to another OS until it is finished
  - you shift the problem to a FS where we don't have a fsck for
    (FAT comes to mind)

Bye,
Alexander.

-- 
Love -- the last of the serious diseases of childhood.

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137