From owner-freebsd-stable@FreeBSD.ORG  Fri Nov 24 22:58:51 2006
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: freebsd-stable@freebsd.org
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 71A8F16A416
	for <freebsd-stable@freebsd.org>; Fri, 24 Nov 2006 22:58:51 +0000 (UTC)
	(envelope-from scottl@samsco.org)
Received: from pooker.samsco.org (pooker.samsco.org [168.103.85.57])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4425F43D6B
	for <freebsd-stable@freebsd.org>; Fri, 24 Nov 2006 22:58:02 +0000 (GMT)
	(envelope-from scottl@samsco.org)
Received: from [192.168.254.14] (imini.samsco.home [192.168.254.14])
	(authenticated bits=0)
	by pooker.samsco.org (8.13.4/8.13.4) with ESMTP id kAOMwd04009094;
	Fri, 24 Nov 2006 15:58:44 -0700 (MST)
	(envelope-from scottl@samsco.org)
Message-ID: <4567791F.9070102@samsco.org>
Date: Fri, 24 Nov 2006 15:58:39 -0700
From: Scott Long <scottl@samsco.org>
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US;
	rv:1.7.7) Gecko/20050416
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: David Malone <dwmalone@maths.tcd.ie>
References: <200611242042.aa66912@boole.maths.tcd.ie>
In-Reply-To: <200611242042.aa66912@boole.maths.tcd.ie>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-1.4 required=3.8 tests=ALL_TRUSTED autolearn=failed 
	version=3.1.1
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on pooker.samsco.org
Cc: FreeBSD Stable <freebsd-stable@freebsd.org>,
	"O. Hartmann" <ohartman@zedat.fu-berlin.de>
Subject: Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824,
 MOKB-03-11-2006, CVE-2006-5679
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Nov 2006 22:58:51 -0000

David Malone wrote:

>>These two bugs are shown for FreeBSD only and I guess, Solaris and other 
>>BSDs  still use UFS. Are they more robust against this exploit or type 
>>of exploit?
> 
> 
> I don't know of a concerted effort by anyone to improve UFS in this
> way. I would guess that the odd bug would have been resolved, but
> no large scale work.
> 
> 	David.

Another thing to keep in mind is that filesystem mounting is only 
available to the super-user.  If a feature came along such as 
automatically mounting USB drives, these bugs would indeed be critical.
But for now, they are not.

Scott