From owner-freebsd-security Tue Aug 17 17:24:19 1999 Delivered-To: freebsd-security@freebsd.org Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (Postfix) with ESMTP id 024FA15677 for ; Tue, 17 Aug 1999 17:24:07 -0700 (PDT) (envelope-from brett@lariat.org) Received: from mustang (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2]) by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id SAA02744; Tue, 17 Aug 1999 18:24:28 -0600 (MDT) Message-Id: <4.2.0.58.19990817182156.0463ecd0@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Tue, 17 Aug 1999 18:23:25 -0600 To: Matthew Dillon , Mike Tancsa From: Brett Glass Subject: Re: Any work around for this FreeBSD bug/DoS ? Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <199908170527.WAA13380@apollo.backplane.com> References: <4.1.19990816203409.05989960@granite.sentex.ca> <4.1.19990816213403.05a3b540@granite.sentex.ca> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 10:27 PM 8/16/99 -0700, Matthew Dillon wrote: > There are many ways a user can crash the system... eating network mbufs > isn't the easiest. My experience is that as long as you cover most of > the bases, the few that remain will not cause enough of a problem to > become endemic. Crashing a machine through a user account is not > really satisfactory to most hackers since it is so easy to do -- and > also relatively easy to trace. Perhaps. But this is no excuse for leaving such a serious hole open! No unprivileged user should be able to crash the system under any circumstances. Especially not this easily. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message