From: Colin Percival
Date: Tue, 10 Oct 2006 15:58:42 -0700
To: Bill Moran
Cc: freebsd security, questions@freebsd.org
Subject: Re: iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability
Message-id: <452C25A2.6080809@freebsd.org>
In-reply-to: <20061010185141.ce3e7134.wmoran@collaborativefusion.com>

Bill Moran wrote:
> This report seems pretty vague. I'm unsure as to whether the alleged
> "bug" gives the user any more permissions than he'd already have? Anyone
> know any details?

This is a local denial of service bug, which was fixed 6 weeks ago in HEAD
and RELENG_6. There is no opportunity for either remote denial of service
or any privilege escalation.

> VI. VENDOR RESPONSE
>
> "The policy of the FreeBSD Security Team is that local denial of service
> bugs not be treated as security issues; it is possible that this problem
> will be corrected in a future Erratum."

If there was any potential for (a) privilege escalation, (b) disclosure of
potentially sensitive information, or (c) denial of service by a
non-authenticated attacker, we would have issued a security advisory.

Colin Percival