Re: FW: OpenBSD 2.9,2.8 local root compromise (fwd)

From: Mike Tancsa (mike@sentex.net)
Date: 06/15/01


Date: Fri, 15 Jun 2001 13:08:09 -0400
To: rich@rdrose.org, freebsd-security@FreeBSD.ORG
From: Mike Tancsa <mike@sentex.net>

At 06:04 PM 6/15/01 +0100, rich@rdrose.org wrote:
>Someone asked about 4.3 being susceptible to this attack....

A followup to the message you quote below seems to imply this is not the
case and FreeBSD might be vulnerable. Hence the request for
clarification. See the message from Jason R Thorpe <thorpej@zembu.com>
which I posted in my original question to this list.

         ---Mike

>---------- Forwarded message ----------
>Date: Fri, 15 Jun 2001 08:41:13 -0500
>From: Will Senn <wsenn@postfuture.com>
>To: OpenBSDTech <tech@openbsd.org>
>Subject: FW: OpenBSD 2.9,2.8 local root compromise
>
>-----Original Message-----
>From: Przemyslaw Frasunek [mailto:venglin@freebsd.lublin.pl]
>Sent: Thursday, June 14, 2001 12:10 PM
>To: Georgi Guninski
>Cc: Bugtraq
>Subject: Re: OpenBSD 2.9,2.8 local root compromise
>
>
>On Thu, Jun 14, 2001 at 05:14:46PM +0300, Georgi Guninski wrote:
> > OpenBSD 2.9,2.8
> > Have not tested on other OSes but they may be vulnerable
>
>FreeBSD 4.3-STABLE isn't vulnerable. Looks like it's dropping set[ug]id
>privileges before allowing detach.
>
>--
>* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
>* Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
