Date: Fri, 11 Dec 2009 07:13:40 -0600
From: Stacey Son <sson@FreeBSD.org>
To: Anton Shterenlikht <mexas@bristol.ac.uk>
Cc: freebsd-current@FreeBSD.org, freebsd-questions@FreeBSD.org
Subject: Re: Root exploit for FreeBSD
Message-ID: <FADA0857-32E9-433C-AC50-F8AF00B1D269@FreeBSD.org>
In-Reply-To: <20091210144141.GB834@mech-cluster241.men.bris.ac.uk>
References: <20091210144141.GB834@mech-cluster241.men.bris.ac.uk>

On Dec 10, 2009, at 8:41 AM, Anton Shterenlikht wrote:

>> From my information security manager:
>
> FreeBSD isn't much used within the University (I understand) and has a
> (comparatively) poor security record. Most recently, for example:
>
> http://www.h-online.com/security/news/item/Root-exploit-for-FreeBSD-873352.html

From http://www.serverwatch.com/eur/article.php/3850401/FreeBSD-Shines-While-Apple-Fails.htm

> All software has bugs, but it's how people react when things go wrong
> that you can judge them. Did the FreeBSD folks sit around and do
> nothing? Did they busy themselves with other things and leave 8.0, 7.1
> and 7.0 users vulnerable to pwnage? No, they did not! A matter of hours
> later Colin Percival, FreeBSD's security officer, made this
> announcement:
>
> A short time ago a 'local root' exploit was posted to the
> full-disclosure mailing list; as the name suggests, this allows a local
> user to execute arbitrary code as root ... since exploit code is
> already widely available I want to make a patch available ASAP.
> And with that, he released said patch.
>

So what OS does your information security manager run on his {desk,lap}top?

-stacey.
