From owner-freebsd-bugs  Fri Oct 31 11:51:24 1997
Return-Path: <owner-freebsd-bugs>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id LAA00907
          for bugs-outgoing; Fri, 31 Oct 1997 11:51:24 -0800 (PST)
          (envelope-from owner-freebsd-bugs)
Received: from sax.sax.de (sax.sax.de [193.175.26.33])
          by hub.freebsd.org (8.8.7/8.8.7) with SMTP id LAA00894
          for <freebsd-bugs@FreeBSD.ORG>; Fri, 31 Oct 1997 11:51:20 -0800 (PST)
          (envelope-from j@uriah.heep.sax.de)
Received: (from uucp@localhost) by sax.sax.de (8.6.12/8.6.12-s1) with UUCP id UAA23187; Fri, 31 Oct 1997 20:50:59 +0100
Received: (from j@localhost)
	by uriah.heep.sax.de (8.8.7/8.8.5) id UAA11168;
	Fri, 31 Oct 1997 20:42:48 +0100 (MET)
Message-ID: <19971031204248.VR10481@uriah.heep.sax.de>
Date: Fri, 31 Oct 1997 20:42:48 +0100
From: j@uriah.heep.sax.de (J Wunsch)
To: xforce@iss.net (X-Force)
Cc: freebsd-bugs@FreeBSD.ORG
Subject: Re: FreeBSD open() Vulnerability
References: <Pine.LNX.3.95.971031092524.13604A-100000@arden.iss.net>
X-Mailer: Mutt 0.60_p2-3,5,8-9
Mime-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature";
	micalg=pgp-md5; boundary="H7W16=UdOxVlW8ac"
X-Phone: +49-351-2012 669
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F  93 21 E0 7D F9 12 D6 4E
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
In-Reply-To: <Pine.LNX.3.95.971031092524.13604A-100000@arden.iss.net>; from X-Force on Oct 31, 1997 09:26:56 -0500
Sender: owner-freebsd-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk


--H7W16=UdOxVlW8ac

As X-Force wrote:

> Here is a preview of our ISS Summary that is going out on November 5,
> 1997.  This is for you to review for any possible additions or corrections
> as well as make you aware of this Summary before it goes to our clients
> and the public.

> A problem exists in in the way that FreeBSD's open() system call obtains
> the right to execute io instructions.  This problem has been corrected in
> versions of FreeBSD-stable as of 10/23/97 and FreeBSD-current as of
> 10/24/97.

The actual problem in FreeBSD-current has already been plugged by
1997/04/14 (revision 1.42 of src/sys/i386/i386/mem.c introduced the
check for superuser privileges in order to obtain IOPL rights).  So
while the open() bug was fixed on 1997/10/24 (please don't use the
US-centric date notation, it's often ambiguous), no serious problem is
known for this bug other than the /dev/io exploit already fixed
before.

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)

--H7W16=UdOxVlW8ac
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia

iQCVAwUBNFo0t3W7bjh2o/exAQF4oQP/X2sp4CDe4E0NzPby1rkew8t0Gh1WxuZl
v3zCJmine7MBLYKjjk8By5CIf5thSlFS1koGyGZ89mbi2WGrJwZB4gkb2dLri+8f
eHWvbq5xO+rG2K2XuPmYZn8+D68nkHvips07OJdyqX6Es0w0fyMu7JU+Z99jvXjQ
61qtZpoSkzY=
=7VY6
-----END PGP SIGNATURE-----

--H7W16=UdOxVlW8ac--