Re: AIO vulnerability (from bugtraq)

From: Andrew R. Reiter (arr@FreeBSD.org)
Date: 12/11/01


Date: Mon, 10 Dec 2001 20:09:33 -0500 (EST)
From: "Andrew R. Reiter" <arr@FreeBSD.org>
To: Alfred Perlstein <bright@mu.org>


Since kkenn is gone for a period of time, should anyone on
security-officer respond publicly? Or has this already been done and
I'm behind email..

On Mon, 10 Dec 2001, Alfred Perlstein wrote:

:* Mike Tancsa <mike@sentex.net> [011210 12:25] wrote:
:>
:> For those not on bugtraq,
:
:Yah, this needs to be fixed, do note that AIO is not enabled by
:default in FreeBSD and the warning is pretty clear.
:
:Alan, can you take a look at this? I'd really like to get AIO
:enabled by default one of these days. :)
:
:>
:> ---Mike
:>
:> ------------------------------------------------------------------------------
:> Soniq Security Advisory
:> David Rufino <dr@soniq.net> Dec 9, 2001
:>
:> Race Condition in FreeBSD AIO implementation
:> http://elysium.soniq.net/dr/tao/tao.html
:> ------------------------------------------------------------------------------
:>
:> RISK FACTOR: LOW
:>
:> SYNOPSIS
:>
:> AIO is a POSIX standard for asynchronous I/O. Under certain conditions,
:> scheduled AIO operations persist after an execve, allowing arbitrary
:> overwrites in the memory of the new process. Combined with the permission
:> to execute suid binaries, this can yield elevated privileges.
:> Currently VFS_AIO is not enabled in the default FreeBSD kernel config,
:> however comments in ``LINT'' suggest security issues have been known about
:> privately for some time:
:>
:> # Use real implementations of the aio_* system calls. There are numerous
:> # stability issues in the current aio code that make it unsuitable for
:> # inclusion on shell boxes.
:

--
Andrew R. Reiter
arr@watson.org
arr@FreeBSD.org