From: Lutz Boehne
Date: Fri, 24 Nov 2006 22:24:12 +0100
To: freebsd-security@freebsd.org
Subject: Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679

[It's just a panic]

I was so transfixed on Josh stating that the attacker could as well just mount a filesystem with suid root binaries and how that would be more useful than a buffer overflow in the filesystem driver. I totally missed the fact that we were talking about two bugs where the kernel deliberately called panic() ;). So in this case I'd agree that the panic() is undesirable, but not really a security issue.

Lutz