From owner-freebsd-hackers@FreeBSD.ORG Sat Sep 18 05:58:04 2004 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ED15016A4CE for ; Sat, 18 Sep 2004 05:58:04 +0000 (GMT) Received: from delight.idiom.com (delight.idiom.com [216.240.32.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id CF4CA43D41 for ; Sat, 18 Sep 2004 05:58:04 +0000 (GMT) (envelope-from mwm-dated-1096350585.3c22e6@mired.org) Received: from idiom.com (idiom.com [216.240.32.1]) by delight.idiom.com (Postfix) with ESMTP id 55E4212A785 for ; Fri, 17 Sep 2004 22:58:04 -0700 (PDT) Received: from mired.org (mwm@idiom [216.240.32.1]) by idiom.com (8.12.11/8.12.11) with SMTP id i8I5nj5q008782 for ; Fri, 17 Sep 2004 22:49:46 -0700 (PDT) (envelope-from mwm-dated-1096350585.3c22e6@mired.org) Received: (qmail 32941 invoked by uid 100); 18 Sep 2004 05:49:45 -0000 Received: by guru.mired.org (tmda-sendmail, from uid 100); Sat, 18 Sep 2004 00:49:44 -0500 (CDT) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <16715.52344.47229.746257@guru.mired.org> Date: Sat, 18 Sep 2004 00:49:44 -0500 To: "Matt Emmerton" In-Reply-To: <006201c49d42$0c751aa0$1200a8c0@gsicomp.on.ca> References: <4146316C000077FD@ims3a.cp.tin.it> <20040916235936.GO23987@parcelfarce.linux.theplanet.co.uk> <20040918025217.GB54961@silverwraith.com> <20040918030531.GA23987@parcelfarce.linux.theplanet.co.uk> <001801c49d38$1c8cb790$1200a8c0@gsicomp.on.ca> <16715.50688.830652.474272@guru.mired.org> <006201c49d42$0c751aa0$1200a8c0@gsicomp.on.ca> X-Mailer: VM 7.17 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid X-Primary-Address: mwm@mired.org X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`; h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ X-Delivery-Agent: TMDA/1.0.3 (Seattle Slew) From: Mike Meyer X-Mailman-Approved-At: Sat, 18 Sep 2004 15:39:16 +0000 cc: viro@parcelfarce.linux.theplanet.co.uk cc: gerarra@tin.it cc: freebsd-hackers@freebsd.org Subject: Re: FreeBSD Kernel buffer overflow X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Sep 2004 05:58:05 -0000 In <006201c49d42$0c751aa0$1200a8c0@gsicomp.on.ca>, Matt Emmerton typed: > ----- Original Message ----- > From: "Mike Meyer" > To: "Matt Emmerton" > Cc: ; "Avleen Vig" > ; ; > > Sent: Saturday, September 18, 2004 1:22 AM > Subject: Re: FreeBSD Kernel buffer overflow > > > > In <001801c49d38$1c8cb790$1200a8c0@gsicomp.on.ca>, Matt Emmerton > typed: > > > I disagree. It really comes down to how secure you want FreeBSD to be, > and > > > the attitude of "we don't need to protect against this case because > anyone > > > who does this is asking for trouble anyway" is one of the main reason > why > > > security holes exist in products today. (Someone else had brought this > up > > > much earlier on in the thread.) > > > > You haven't been paying close enough attention to the discussion. To > > exploit this "security problem" you have to be root. If it's an > > external attacker, you're already owned. > > I'm well aware of that fact. That's still not a reason to protect against > the problem. > > If your leaky bucket has 10 holes in it, would you at least try and plug > some of them? In this case, you're trying to plug holes in a bucket that doesn't have a bottom. Not only that - once you fix the bottom, the holes will be fixed as well. If this qualifies as a security hole, then so does /bin/sh being executable by root. http://www.mired.org/consulting.html Independent Network/Unix/Perforce consultant, email for more information.