Date: Fri, 24 Nov 2006 18:40:17 -0700 From: Scott Long <scottl@samsco.org> To: Kevin Oberman <oberman@es.net> Cc: David Malone <dwmalone@maths.tcd.ie>, "O. Hartmann" <ohartman@zedat.fu-berlin.de>, FreeBSD Stable <freebsd-stable@freebsd.org> Subject: Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679 Message-ID: <45679F01.90708@samsco.org> In-Reply-To: <20061125013802.20B6E45054@ptavv.es.net> References: <20061125013802.20B6E45054@ptavv.es.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Kevin Oberman wrote: >> Date: Fri, 24 Nov 2006 15:58:39 -0700 >> From: Scott Long <scottl@samsco.org> >> Sender: owner-freebsd-stable@freebsd.org >> >> David Malone wrote: >> >>>> These two bugs are shown for FreeBSD only and I guess, Solaris and other >>>> BSDs still use UFS. Are they more robust against this exploit or type >>>> of exploit? >>> >>> I don't know of a concerted effort by anyone to improve UFS in this >>> way. I would guess that the odd bug would have been resolved, but >>> no large scale work. >>> >>> David. >> Another thing to keep in mind is that filesystem mounting is only >> available to the super-user. If a feature came along such as >> automatically mounting USB drives, these bugs would indeed be critical. >> But for now, they are not. > > Not on the base system, but Gnome 2.16 with hald running will mount a > removable device automatically. The standard configuration of Gnome runs > hald. Allowing user mounts of removable media is even formalized by the > addition of /media to hier(7). I'm not sure this should simply be > treated as not being significant. Would it be possible to restrict Gnome to only auto-mounting msdos and cd9660 filesystems? Scott
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45679F01.90708>