From owner-freebsd-security@FreeBSD.ORG Sat Jul 31 13:21:34 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 74C47106567D for ; Sat, 31 Jul 2010 13:21:34 +0000 (UTC) (envelope-from leccine@gmail.com) Received: from mail-bw0-f54.google.com (mail-bw0-f54.google.com [209.85.214.54]) by mx1.freebsd.org (Postfix) with ESMTP id F3F8D8FC0A for ; Sat, 31 Jul 2010 13:21:33 +0000 (UTC) Received: by bwz12 with SMTP id 12so1382596bwz.13 for ; Sat, 31 Jul 2010 06:21:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=wgxNAv5jcKB5RuyGybxMsFKnOIKTe58rBjS1KbGQxoE=; b=GmF/x5cYLrcQjy+zk5N8EhVFFGlffR1nVTHA2qOt51v68yBGMvfN9PSrlQGjV+3y0a hubwmi1H7/dDGhxVcXCpsjBwzuJL8mSGdKhunotpuQIzd0etcB2qOOqPmT+jDV68e2Yw kQUmgBm2nDCaFEmzfmuuB1vxQwGQf0tDrc0jI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=LYsDPU2gguJnAKF9E6Ye8z1HUiRkQrGabJ76EDa17RVLrYzvUfDxYxskDmYz8KbStU D3b7o1D/cROxd9XtoCOkfyP8Q0h8fGZEt7yGs1VmFCAMwScc0hbqWTzYL6Qcc/RRpjDc UN7Vd8GR6aQezsJHycnHDx3TyQvYNUJ8tgztM= MIME-Version: 1.0 Received: by 10.204.133.129 with SMTP id f1mr2185093bkt.91.1280581183298; Sat, 31 Jul 2010 05:59:43 -0700 (PDT) Received: by 10.204.140.146 with HTTP; Sat, 31 Jul 2010 05:59:43 -0700 (PDT) In-Reply-To: <20100731124136.GN22295@deviant.kiev.zoral.com.ua> References: <235BB726E71747BA980A0EF60F76ED37@2WIRE304> <20100731124136.GN22295@deviant.kiev.zoral.com.ua> Date: Sat, 31 Jul 2010 13:59:43 +0100 Message-ID: From: =?UTF-8?Q?Istv=C3=A1n?= To: Kostik Belousov Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-security , Selphie Keller Subject: Re: kernel module for chmod restrictions while in securelevel one or higher X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 31 Jul 2010 13:21:34 -0000 http://www.securiteam.com/exploits/6P00C00EKO.html HTH On Sat, Jul 31, 2010 at 1:41 PM, Kostik Belousov wrote: > On Fri, Jul 30, 2010 at 11:18:39PM -0700, Selphie Keller wrote: > > Kernel module for chmod restrictions while in securelevel one or higher: > > http://gist.github.com/501800 (fbsd 8.x) > > > > Was looking at the new recent sendfile/mbuf exploit and it was using a > > shellcode that calls chmod syscall to make a setuid/setgid binary. > However > Can you point to the exploit (code) ? > -- the sun shines for all http://l1xl1x.blogspot.com