From: Chris Walker
Date: Sat, 31 Jul 2010 17:39:47 +0200
To: István
Cc: Kostik Belousov, freebsd-security, Selphie Keller
Subject: Re: kernel module for chmod restrictions while in securelevel one or higher

Hi list

#1 Not same exploit referenced in URL.
#2 Not same bug, although you had the function right, sort of.
#3 That kernel module is useless: The exploit in the wild has already changed to bypass such restriction.
#4 The bug is already patched, upgrade your kernel.
#5 If you intend on introducing a kernel module that potentially makes your system unstable, make sure it actually fixes the bug. This workaround merely made the exploit grow more lethal, and provides a FALSE sense of security, and as such I would *STRONGLY* discourage use of this kernel module.

This is a perfect example of why software developers never ever will be able to fight blackhat hackers: Ignorance.

Thanks.

On Jul 31, 2010, at 2:59 PM, István wrote:

> http://www.securiteam.com/exploits/6P00C00EKO.html
>
> HTH
>
> On Sat, Jul 31, 2010 at 1:41 PM, Kostik Belousov wrote:
>
>> On Fri, Jul 30, 2010 at 11:18:39PM -0700, Selphie Keller wrote:
>>> Kernel module for chmod restrictions while in securelevel one or higher:
>>> http://gist.github.com/501800 (fbsd 8.x)
>>>
>>> Was looking at the new recent sendfile/mbuf exploit and it was using a
>>> shellcode that calls chmod syscall to make a setuid/setgid binary.
>> However
>> Can you point to the exploit (code) ?
>>
>
> --
> the sun shines for all
>
> http://l1xl1x.blogspot.com