Date: Tue, 20 Aug 2019 18:30:08 -0400 From: Mark Johnston <markj@freebsd.org> To: Ian Lepore <ian@freebsd.org> Cc: Eugene Grosbein <eugen@grosbein.net>, freebsd-security@freebsd.org, Freebsd hackers list <freebsd-hackers@freebsd.org> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-19:23.midi Message-ID: <20190820223008.GC46556@raichu> In-Reply-To: <1909279dfc6002f6c21ff8e92ca2925511dca322.camel@freebsd.org> References: <20190820201257.7A9D41F8B7@freefall.freebsd.org> <f19d3f62-940c-7888-b379-f416dfc45cac@grosbein.net> <1909279dfc6002f6c21ff8e92ca2925511dca322.camel@freebsd.org>
index | next in thread | previous in thread | raw e-mail
On Tue, Aug 20, 2019 at 04:01:39PM -0600, Ian Lepore wrote: > On Wed, 2019-08-21 at 04:55 +0700, Eugene Grosbein wrote: > > 21.08.2019 3:12, FreeBSD Security Advisories wrote: > > > > [skip] > > > > > IV. Workaround > > > > > > No workaround is available. Custom kernels without "device sound" > > > are not vulnerable. > > > > Is it true that there is no way to disable vulnerable and unneeded > > device driver > > built in GENERIC other that through rebuilding the kernel? > > > > I remember that pre-4.x versions of FreeBSD had visual VGA-based pre- > > boot configurator > > allowing to disable any compiled-in device driver. Don't > > device.hints(5) or loader(8) have means to do so? > > > > These days GENERIC have LOTS of drivers and it's convenient but > > unsafe. > > > > "No workaround" just seems to be wrong. Aside from setting the > disabled hint to turn off the driver (or using devctl to turn it off on > a live system), the exploit also requires opening /dev/midistat, so a > viable workaround is to change its permissions so that users can't open > it. Yeah, this was an oversight. The SA text will be amended.help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190820223008.GC46556>