Re: exploiting kernel



At about the time of 12/1/2005 12:05 AM, iwan@xxxxxxxxxxxxxxx stated the
following:
> Hi,
> Can FreeBSD's kernel be exploited by hacking tools? If true,
> can I know how to fix this problem, and what tools can do
> that.
>
> Thanks a lot
>
>
>
> _______________________________________________
> freebsd-security@xxxxxxxxxxx mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
>

Absolutely.

There is no such thing as bug-proof software. All software has bugs or
flaws in it. Generally, when a security-related bug is discovered,
the programmers fix the problem, then make a patch available by any one
of several means. Then a security advisory is issued.

As for the bug, it depends on the nature of the bug to determine how to
exploit it. Unchecked buffers are susceptible to buffer overflow
attacks, etc. It all depends on the nature of the code and any details
that the programmer overlooked. Even well-written software, when
subjected to different types of abuse, will fail in unexpected and
spectacular ways.

Unfortunately, you cannot secure against future unknown security
problems in software. The best that you can do is mitigate the risks of
compromise as much as possible by using ACLs, chflags, securelevel,
jails, and other security-related features of the operating system. The
other participants on this list have provided you with a number of
resources to secure your system. I strongly suggest that you use them.

Later.
--
Daniel Rudy