From: István
To: Kostik Belousov
Cc: freebsd-security, Selphie Keller
Date: Sat, 31 Jul 2010 14:11:37 +0100
Subject: Re: kernel module for chmod restrictions while in securelevel one or higher

sorry my bad

On Sat, Jul 31, 2010 at 2:04 PM, Kostik Belousov wrote:

> On Sat, Jul 31, 2010 at 01:59:43PM +0100, István wrote:
> > http://www.securiteam.com/exploits/6P00C00EKO.html
> This is an exploit for the archaic SA-05:02.sendfile. Op (semi-)obviously
> means exploit for the recent SA-10:07.mbuf, for which I am very
> curious whether the working exploit appeared in the wild.
>
> >
> > On Sat, Jul 31, 2010 at 1:41 PM, Kostik Belousov wrote:
> >
> > > On Fri, Jul 30, 2010 at 11:18:39PM -0700, Selphie Keller wrote:
> > > > Kernel module for chmod restrictions while in securelevel one or higher:
> > > > http://gist.github.com/501800 (fbsd 8.x)
> > > >
> > > > Was looking at the new recent sendfile/mbuf exploit and it was using a
> > > > shellcode that calls chmod syscall to make a setuid/setgid binary. However
> > > Can you point to the exploit (code) ?
> > >
> >
> > --
> > the sun shines for all
> >
> > http://l1xl1x.blogspot.com
>

--
the sun shines for all

http://l1xl1x.blogspot.com