From owner-freebsd-security@freebsd.org Wed Jul 3 14:08:10 2019 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B603915D4E10 for ; Wed, 3 Jul 2019 14:08:09 +0000 (UTC) (envelope-from markjdb@gmail.com) Received: from mail-io1-xd2b.google.com (mail-io1-xd2b.google.com [IPv6:2607:f8b0:4864:20::d2b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DEB6C75032 for ; Wed, 3 Jul 2019 14:08:08 +0000 (UTC) (envelope-from markjdb@gmail.com) Received: by mail-io1-xd2b.google.com with SMTP id h6so5095846ioh.3 for ; Wed, 03 Jul 2019 07:08:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=nKFnPzr0JshS9O7fcoakyc/LT7ivT+CSkeR1mIpsR8E=; b=pHQVgjVE+ubfPu5i77wA/KcHM0Snqb7K3LxWP7+oLRpOlQD35grHWLGTNeDKqYze4u x7ZpVJL2pRPFa3C1KgZsyHXLTC4Vz+8mBEq88JajVymSemVAtBzjY5XEU2sXRAgjztbV /aXcyXa7rmQf9pNcJZIUZvGWClruUDKhPZ0SJNeMBMtI6oI5SCaQ/ZeS4HeLSng9kay4 7T/64rgx0dttVQG+I6W3tBTsWvFLu4JlWvz5kAZw0oxAK1DndjnYWHaFkWyL1gbB9eaJ uQNm6nCKOP4sZVCLUQz/Y6ZRsh0uiX7+m0KVoPGuGeF7ftL18hW2Xbw4BE6Cx8QLQGmt zVnA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent; bh=nKFnPzr0JshS9O7fcoakyc/LT7ivT+CSkeR1mIpsR8E=; b=bR0+98aosdXp6MEZKoE83ydJH26RBXUa82yy1rlNBqrsl8TxwOzI3Rd1o8z4J96MQm R15lItPULmyPttGjCZXvVIHo+BKFJUf43p9V7Yfkkz95ahUP4Abii/umUr1WJqv+kozo mNCwnm3IT1qlAiqT5XhhRCeB084AYGOxxJgp8b8BVr1PMzTpSA5tSgUiw/rsn/Z3vNzz cc7UPDnVxeFJAH+QcuoccDquKGhKHaNutfu5pQLIMWhLNEfdLiDih3LyX65d5bjIOkMM b7/cLLhkO5futKylIY/B0GkFcdhGIAEdHdSrsn7jPzFHwc/vOsyOtfayh3HHFzZ59MPQ bzmw== X-Gm-Message-State: APjAAAWSy3vfv97POwXeECbGDMFmUrqSFt3UjYV419IZepWfcBuyT3dj ofADqmio/rzHYQL3z8AFDlIgxnW5 X-Google-Smtp-Source: APXvYqwWm6xiktaHCYSatHSlylrv4o9u8M5xCx/itLV/zdnQnTAtsHAsVyBpAnjtErNmKXgyni0dWg== X-Received: by 2002:a6b:5106:: with SMTP id f6mr6044514iob.15.1562162888270; Wed, 03 Jul 2019 07:08:08 -0700 (PDT) Received: from raichu (toroon0560w-lp140-05-70-29-85-38.dsl.bell.ca. [70.29.85.38]) by smtp.gmail.com with ESMTPSA id v26sm2049343iom.88.2019.07.03.07.08.07 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Wed, 03 Jul 2019 07:08:07 -0700 (PDT) Sender: Mark Johnston Date: Wed, 3 Jul 2019 10:08:05 -0400 From: Mark Johnston To: "Ronald F. Guilmette" Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-19:11.cd_ioctl Message-ID: <20190703140805.GC83276@raichu> References: <20190703004928.576CA1A7DE@freefall.freebsd.org> <12532.1562118926@segfault.tristatelogic.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <12532.1562118926@segfault.tristatelogic.com> User-Agent: Mutt/1.12.0 (2019-05-25) X-Rspamd-Queue-Id: DEB6C75032 X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=pHQVgjVE; spf=pass (mx1.freebsd.org: domain of markjdb@gmail.com designates 2607:f8b0:4864:20::d2b as permitted sender) smtp.mailfrom=markjdb@gmail.com X-Spamd-Result: default: False [-5.46 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com]; FORGED_SENDER(0.30)[markj@freebsd.org,markjdb@gmail.com]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; FROM_NEQ_ENVFROM(0.00)[markj@freebsd.org,markjdb@gmail.com]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_SHORT(-0.97)[-0.968,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; DMARC_NA(0.00)[freebsd.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[b.2.d.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; IP_SCORE(-2.78)[ip: (-8.33), ipnet: 2607:f8b0::/32(-3.15), asn: 15169(-2.37), country: US(-0.06)]; MID_RHS_NOT_FQDN(0.50)[] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Jul 2019 14:08:10 -0000 On Tue, Jul 02, 2019 at 06:55:26PM -0700, Ronald F. Guilmette wrote: > In message <20190703004928.576CA1A7DE@freefall.freebsd.org>, > freebsd-security@freebsd.org wrote: > > >Topic: Privilege escalation in cd(4) driver > >... > >devfs.conf(5) and devfs.rules(5) can be used to remove read permissions from > >cd(4) devices. > > Would it be accurate to say that another possible workaround would be to > simply remove the optical drive from the system(s) entirely? That's correct. Note though that the problem can only be triggered when some media is present in the drive in the first place. > (I dunno about anybody else, but I personally don't even hardly use the > bloody things anymore anyway.)