Date: Tue, 21 Oct 2003 09:30:38 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Kip Macy <kmacy@fsmware.com> Cc: hackers@freebsd.org Subject: Re: process checkpoint restore facility now in DragonFly BSD Message-ID: <20031021163038.GA66101@rot13.obsecurity.org> In-Reply-To: <20031020134532.B63978@demos.bsdclusters.com> References: <20031020134532.B63978@demos.bsdclusters.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--EVF5PPMfhYS0aIcm Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Mon, Oct 20, 2003 at 01:52:07PM -0700, Kip Macy wrote: > Please note that there are *SEVERE* security issues with this module. > The module is not loaded into the kernel by default and, when loaded, > can only be used by users in the wheel group. Why the wheel group? Until now, the only special privilege this group has is that users are allowed to su to root, if they knew the password. It looks like now you've removed the root password barrier and allow anyone in the wheel group to manipulate processes to obtain root without a password :-) Kris --EVF5PPMfhYS0aIcm Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/lV8tWry0BWjoQKURAkh8AKCK5wo+JjWpt0g6oUz8/NvAPjaidQCfSBUC H7QvdOZuN39B9pQEz3Z8Epw= =1ctB -----END PGP SIGNATURE----- --EVF5PPMfhYS0aIcm--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031021163038.GA66101>