From owner-freebsd-security@FreeBSD.ORG  Wed Dec  6 18:11:28 2006
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 2736F16A4C8;
	Wed,  6 Dec 2006 18:11:28 +0000 (UTC)
	(envelope-from brain@winbot.co.uk)
Received: from brainbox.winbot.co.uk
	(cpc1-mapp3-0-0-cust243.nott.cable.ntl.com [82.20.212.244])
	by mx1.FreeBSD.org (Postfix) with ESMTP id ACD0243D92;
	Wed,  6 Dec 2006 18:09:09 +0000 (GMT)
	(envelope-from brain@winbot.co.uk)
Received: from synapse.brainbox.winbot.co.uk ([10.0.0.2] helo=[192.168.1.10])
	by brainbox.winbot.co.uk with esmtp (Exim 4.60 (FreeBSD))
	(envelope-from <brain@winbot.co.uk>)
	id 1Gs16F-0006cl-2S; Wed, 06 Dec 2006 18:02:31 +0000
Message-ID: <4577076A.6080508@winbot.co.uk>
Date: Wed, 06 Dec 2006 18:09:46 +0000
From: Craig Edwards <brain@winbot.co.uk>
Organization: Crypt Software
User-Agent: Thunderbird 1.5.0.7 (X11/20061001)
MIME-Version: 1.0
To: Dan Lukes <dan@obluda.cz>
References: <200612060933.kB69XErN083086@freefall.freebsd.org>	<45769654.5050307@freebsd.org>
	<4576F3A9.9000307@obluda.cz>
In-Reply-To: <4576F3A9.9000307@obluda.cz>
X-Enigmail-Version: 0.94.1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: freebsd-security@freebsd.org, Colin Percival <cperciva@freebsd.org>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:25.kmem
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: brain@winbot.co.uk
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Dec 2006 18:11:28 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Doesn't securelevel completely mitigate this even for root users anyway,
if set? Setting securelevel denies raw access to disk devices and kmem
in this way does it not?

- -- Craig Edwards

Dan Lukes wrote:
> Colin Percival napsal/wrote:
>>> A user in the "operator" group can read the contents of kernel memory.
>>> Such memory might contain sensitive information, such as portions of
>>> the file cache or terminal buffers.  This information might be directly
>>> useful, or it might be leveraged to obtain elevated privileges in some
>>> way; for example, a terminal buffer might include a user-entered
>>> password.

- --
OpenPGP Key ID: 0x49B959F7
"Better to reign in Hell than to serve in Heaven" -- Milton
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFdwdqCd57Ikm5WfcRAmx9AKDCtIqEj5lREwepRoFfcnMJNGwixQCfQ3WI
c34CNp+R5Zsgl/PyE32Qr0c=
=lRB+
-----END PGP SIGNATURE-----