From: "Kevin Oberman"
To: Scott Long
Cc: David Malone, "O. Hartmann", FreeBSD Stable
Subject: Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679
Date: Fri, 24 Nov 2006 17:54:25 -0800
Message-Id: <20061125015425.74A5F45053@ptavv.es.net>
In-Reply-To: Your message of "Fri, 24 Nov 2006 18:40:17 MST." <45679F01.90708@samsco.org>

> Date: Fri, 24 Nov 2006 18:40:17 -0700
> From: Scott Long
>
> Kevin Oberman wrote:
> >> Date: Fri, 24 Nov 2006 15:58:39 -0700
> >> From: Scott Long
> >> Sender: owner-freebsd-stable@freebsd.org
> >>
> >> David Malone wrote:
> >>
> >>>> These two bugs are shown for FreeBSD only and I guess, Solaris and other
> >>>> BSDs still use UFS. Are they more robust against this exploit or type
> >>>> of exploit?
> >>>
> >>> I don't know of a concerted effort by anyone to improve UFS in this
> >>> way. I would guess that the odd bug would have been resolved, but
> >>> no large scale work.
> >>>
> >>> David.
> >> Another thing to keep in mind is that filesystem mounting is only
> >> available to the super-user. If a feature came along such as
> >> automatically mounting USB drives, these bugs would indeed be critical.
> >> But for now, they are not.
> >
> > Not on the base system, but Gnome 2.16 with hald running will mount a
> > removable device automatically. The standard configuration of Gnome runs
> > hald. Allowing user mounts of removable media is even formalized by the
> > addition of /media to hier(7). I'm not sure this should simply be
> > treated as not being significant.
>
> Would it be possible to restrict Gnome to only auto-mounting msdos and
> cd9660 filesystems?

I suspect it is possible, but I'll ask Joe Marcus to answer as he did
most of the FreeBSD hald work. Joe?

This looks like something that needs a bit of thought.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net
Phone: +1 510 486-8634
Key fingerprint: 059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751