From owner-freebsd-security@FreeBSD.ORG Mon Feb 18 16:41:55 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E0DF316A41A for ; Mon, 18 Feb 2008 16:41:55 +0000 (UTC) (envelope-from sthaug@nethelp.no) Received: from bizet.nethelp.no (bizet.nethelp.no [195.1.209.33]) by mx1.freebsd.org (Postfix) with SMTP id 2EC1C13C469 for ; Mon, 18 Feb 2008 16:41:54 +0000 (UTC) (envelope-from sthaug@nethelp.no) Received: (qmail 73968 invoked from network); 18 Feb 2008 16:15:13 -0000 Received: from bizet.nethelp.no (HELO localhost) (195.1.209.33) by bizet.nethelp.no with SMTP; 18 Feb 2008 16:15:13 -0000 Date: Mon, 18 Feb 2008 17:15:13 +0100 (CET) Message-Id: <20080218.171513.41723703.sthaug@nethelp.no> To: freebsd-security@freebsd.org, Mark Andrews From: sthaug@nethelp.no In-Reply-To: <200802181414.m1IEE8bd075081@drugs.dv.isc.org> References: <200802181414.m1IEE8bd075081@drugs.dv.isc.org> X-Mailer: Mew version 3.3 on Emacs 21.3 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Mon, 18 Feb 2008 17:39:09 +0000 Cc: Subject: Re: How to take down a system to the point of requiring a newfs with one line of C (userland) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Feb 2008 16:41:56 -0000 > Did you actually bother to read his report? > > While his example is used "/", if the report is correct then you > just need to replace "/" with the path of any file system mount > point that is world writable like say "/tmp". > > Do you have /tmp mounted like this? > /dev/ad0s4e 507630 162050 304970 35% /tmp Tried with 7.0-RC1 and the top level of a world writable file system. No apparent ill effect. Steinar Haug, Nethelp consulting, sthaug@nethelp.no