Date: Fri, 24 Nov 2006 17:38:02 -0800 From: "Kevin Oberman" <oberman@es.net> To: Scott Long <scottl@samsco.org> Cc: David Malone <dwmalone@maths.tcd.ie>, "O. Hartmann" <ohartman@zedat.fu-berlin.de>, FreeBSD Stable <freebsd-stable@freebsd.org> Subject: Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679 Message-ID: <20061125013802.20B6E45054@ptavv.es.net> In-Reply-To: Your message of "Fri, 24 Nov 2006 15:58:39 MST." <4567791F.9070102@samsco.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--==_Exmh_1164418682_60514P Content-Type: text/plain; charset=us-ascii Content-Disposition: inline > Date: Fri, 24 Nov 2006 15:58:39 -0700 > From: Scott Long <scottl@samsco.org> > Sender: owner-freebsd-stable@freebsd.org > > David Malone wrote: > > >>These two bugs are shown for FreeBSD only and I guess, Solaris and other > >>BSDs still use UFS. Are they more robust against this exploit or type > >>of exploit? > > > > > > I don't know of a concerted effort by anyone to improve UFS in this > > way. I would guess that the odd bug would have been resolved, but > > no large scale work. > > > > David. > > Another thing to keep in mind is that filesystem mounting is only > available to the super-user. If a feature came along such as > automatically mounting USB drives, these bugs would indeed be critical. > But for now, they are not. Not on the base system, but Gnome 2.16 with hald running will mount a removable device automatically. The standard configuration of Gnome runs hald. Allowing user mounts of removable media is even formalized by the addition of /media to hier(7). I'm not sure this should simply be treated as not being significant. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 --==_Exmh_1164418682_60514P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) Comment: Exmh version 2.5 06/03/2002 iD8DBQFFZ556kn3rs5h7N1ERAkKfAKCuzl6HO4TE/o97Xi10Rz5jpwcKTACcDoWC xAYigExsferjkoibhPEVsNk= =dK9E -----END PGP SIGNATURE----- --==_Exmh_1164418682_60514P--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061125013802.20B6E45054>