From owner-freebsd-security Sun Aug 10 03:25:58 1997
Return-Path:
Received: (from root@localhost)
        by hub.freebsd.org (8.8.5/8.8.5) id DAA15169
        for security-outgoing; Sun, 10 Aug 1997 03:25:58 -0700 (PDT)
Received: from firewall.ftf.dk (root@[129.142.64.2])
        by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id DAA15163
        for ; Sun, 10 Aug 1997 03:25:51 -0700 (PDT)
Received: from mail.prosa.dk ([192.168.100.2])
        by firewall.ftf.dk (8.7.6/8.7.3) with ESMTP id MAA10948;
        Sun, 10 Aug 1997 12:47:25 +0200
Received: from deepo.prosa.dk (deepo.prosa.dk [192.168.100.10])
        by mail.prosa.dk (8.8.5/8.8.5/prosa-1.1) with ESMTP id MAA10941;
        Sun, 10 Aug 1997 12:22:03 +0200 (CEST)
Received: (from regnauld@localhost)
        by deepo.prosa.dk (8.8.5/8.8.5/prosa-1.1) id MAA08917;
        Sun, 10 Aug 1997 12:20:28 +0200 (CEST)
Message-ID: <19970810122028.31693@deepo.prosa.dk>
Date: Sun, 10 Aug 1997 12:20:28 +0200
From: Philippe Regnauld
To: Brian Mitchell
Cc: freebsd-security@freebsd.org
Subject: Re: procfs hole
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Description: Main Body
X-Mailer: Mutt 0.69
In-Reply-To: ; from Brian Mitchell on Sun, Aug 10, 1997 at 05:37:40AM -0400
X-Operating-System: FreeBSD 2.2.1-RELEASE i386
Sender: owner-freebsd-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Brian Mitchell writes:
>
> be nonwritable can be modified. Enclosed is a simple exploit tested under
> FreeBSD 2.2.1 -- beware, this exploit is slow because it searches memory

Worked in 1 minute on a DX-33 here :-(

Has anyone tried with 2.2.2?

--
 -- Phil

 -[ Philippe Regnauld / Systems Administrator / regnauld@deepo.prosa.dk ]-
 -[ Location.: +55.4N +11.3E PGP Key: finger regnauld@hotel.prosa.dk ]-