From owner-freebsd-security Thu Feb 22 19:36:28 2001 Delivered-To: freebsd-security@freebsd.org Received: from obsecurity.dyndns.org (adsl-64-165-226-53.dsl.lsan03.pacbell.net [64.165.226.53]) by hub.freebsd.org (Postfix) with ESMTP id 4266037B401 for ; Thu, 22 Feb 2001 19:36:26 -0800 (PST) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id D0ADE66C34; Thu, 22 Feb 2001 19:36:25 -0800 (PST) Date: Thu, 22 Feb 2001 19:36:25 -0800 From: Kris Kennaway To: Mike Tancsa Cc: Kris Kennaway , freebsd-security@FreeBSD.ORG Subject: Re: Bind problems Message-ID: <20010222193625.A12797@mollari.cthul.hu> References: <200102222330.f1MNU7e64567@cwsys.cwsent.com> <20010222134703.A7745@mollari.cthul.hu> <200102222330.f1MNU7e64567@cwsys.cwsent.com> <20010222192805.A12575@mollari.cthul.hu> <4.2.2.20010222223209.03bb2600@marble.sentex.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="KsGdsel6WgEHnImy" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <4.2.2.20010222223209.03bb2600@marble.sentex.net>; from mike@sentex.net on Thu, Feb 22, 2001 at 10:33:09PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --KsGdsel6WgEHnImy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Feb 22, 2001 at 10:33:09PM -0500, Mike Tancsa wrote: > At 07:28 PM 2/22/2001 -0800, Kris Kennaway wrote: > > > > > > The worst that could happen is that the intruder could fill your disk. > > > >No, they still get the ability to run arbitrary code because they > >compromise a running process and take over its execution context. The >=20 > But only as the non root UID though right ? In the absence of an accessible userland or kernel root hole, yes. e.g. if you had old versions of procfs (i.e. prior to the advisory from a few months ago) available to the environment of the bind process they could get kernel privileges and completely take over the machine, sans any restrictions). Kris --KsGdsel6WgEHnImy Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6ldq5Wry0BWjoQKURAhT+AJ4x2dpJGi3cvMbS7HDYJy7WymzTfwCfaNnK 2W/n2/8KrqoJA8udPNXxtNI= =0f2a -----END PGP SIGNATURE----- --KsGdsel6WgEHnImy-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message