From owner-freebsd-security  Fri Jul 13 10:30:53 2001
Delivered-To: freebsd-security@freebsd.org
Received: from osvald.void.ru (osvald.void.ru [195.209.226.151])
	by hub.freebsd.org (Postfix) with ESMTP id 29EBD37B403
	for <security@FreeBSD.ORG>; Fri, 13 Jul 2001 10:30:50 -0700 (PDT)
	(envelope-from void@void.ru)
Received: from DUKE_NOTER ([195.42.77.50])
	by osvald.void.ru (6.6.6 /6.6.6) with ESMTP id f6DHTJu44071;
	Fri, 13 Jul 2001 21:29:20 +0400 (MSD)
Date: Fri, 13 Jul 2001 21:21:22 +0400
From: void@void.ru
X-Mailer: The Bat! (v1.53bis)
X-Priority: 3 (Normal)
Message-ID: <204199672.20010713212122@void.ru>
To: Kris Kennaway <kris@obsecurity.org>
Cc: security@FreeBSD.ORG
Subject: Re: root compromise fix for RELENG_3 ?
In-Reply-To: <20010711122732.E87389@xor.obsecurity.org>
References: <4.2.2.20010711075617.05777eb8@192.168.0.12>
 <20010711122732.E87389@xor.obsecurity.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hello, people

KK> The situation wrt local security fixes in RELENG_3 is that it's up
KK> to individual committers to commit them; the security officer
KK> isn't going to be enforcing it given the documented existence of
KK> an unfixable local root hole in that branch.

Hm, my old 3.4 which I'm running on my laptop seemed be not vulnerable
to this attack (with installed patches from www.securebsd.com). Seems
routines from these patches which perform additional checks and
logging before fork()ing and vfork()ing screwed up the possibility of
the exploit. 4.3-BETA and -RELEASE with those patches also seemed be
not vulnerable to attack.. but latest version of these patches is only
for 4.0 and need some manual fixups to be installed on a 4.3-*
kernels. I've put the fixed version for 4.3 kernels to
http://void.ru/securebsd_4.3.diff (NB! Use in on your own risk, I'm
highly advising you all to review the code before applying it and not
to use it on the commercial systems until you know what you're doing!)

.d


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message