Date: Thu, 26 Feb 1998 21:43:49 -0800 From: Mike Smith <mike@smith.net.au> To: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca> Cc: tqbf@secnet.com, freebsd-security@FreeBSD.ORG, security-officer@FreeBSD.ORG Subject: Re: OpenBSD Security Advisory: mmap() Problem Message-ID: <199802270543.VAA26437@dingo.cdrom.com> In-Reply-To: Your message of "Thu, 26 Feb 1998 20:23:06 PST." <199802270423.UAA01955@cwsys.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> I've ported this patch to FreeBSD 2.2.5R. XIG's Accelerated X server > crashes trying to access the VT. To get the XIG Accelerated X server > to work I've modified the patch to allow superuser to access to > character devices. I'm not sure what other applications could break > because of the originally posted patch or my modified patch, so > additional study needs to be done. This modification effectively defeats much of the actual usefulness of the patch. The bug is a second-order security risk in that an attacker must already have obtained at least group kmem before she can take advantage of it. I don't (at this point) think that we want to go ahead with this until we hear from XIG. -- \\ Sometimes you're ahead, \\ Mike Smith \\ sometimes you're behind. \\ mike@smith.net.au \\ The race is long, and in the \\ msmith@freebsd.org \\ end it's only with yourself. \\ msmith@cdrom.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199802270543.VAA26437>