Re: exploiting kernel

From: Daniel Rudy <dr2867@xxxxxxxxxxx>
Date: Thu, 01 Dec 2005 21:24:34 -0800

At about the time of 12/1/2005 12:05 AM, iwan@xxxxxxxxxxxxxxx stated the
following:
> Hi,
> Can kernel's freeBSD exploited by tools hacking ? If true,
> can I know how to fix this problem, and what tools can do
> that.
>
> Thanks alot
>
>
>
> _______________________________________________
> freebsd-security@xxxxxxxxxxx mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
>

Absolutely.

There is no such thing as bug proof software. All software has bugs or
flaws in them. Generally, when a security related bug is discovered,
the programmers fix the problem, then make a patch available by any one
of several means. Then a security advisory is issued.

As for the bug, it depends on the nature of the bug to determine how to
exploit it. Unchecked buffers are suseptible to buffer overflow
attacks, etc. It all depends on the nature of the code and any details
that the programmer overlooked. Even well written software, when
subjected to different types of abuse, will fail in unexpected and
spetacular ways.

Unfortunately, you cannot secure against future unknown security
problems in software. The best that you can do it mitigate the risks of
compromise as much as possible by using ACLs, chflags, securelevel,
jails, and other security related features of the operating system. The
other participents on this list have provided you with a number of
resources to secure your system. I strongly suggest that you use them.

Later.
--
Daniel Rudy
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

References:
- exploiting kernel
  - From: iwan

Prev by Date: Re: exploiting kernel
Next by Date: acroread security problem
Previous by thread: Re: exploiting kernel
Next by thread: acroread security problem
Index(es):
- Date
- Thread

Relevant Pages

please pull from the trivial tree
... Fix spelling in E1000_DISABLE_PACKET_SPLIT Kconfig description ... +- Finding patch that caused a bug ... +Always try the latest kernel from kernel.org and build from source. ... Length of input string in bytes ...
(Linux-Kernel)
Subterrane v0.194 Alpha Released
... system, a character sheet, a ton of new spells, new monsters, item ... Added a character sheet that displays your character's ... Fix: Fixed a bug in the encumbrance calculation and status display ...
(rec.games.roguelike.announce)
[Un] Unangband 0.6.2-wip7a has been released
... This release is mostly a bug fix revision to wip7, however, I was able to sneak ... The player only suffers a monster disease if the monster disease state isn't ... Fix up some animal speech sayings. ...
(rec.games.roguelike.angband)
Unangband 0.6.2-wip7a has been released
... This release is mostly a bug fix revision to wip7, however, I was able ... You can now use the run command to 'step' into an adjacent monster, ... The player only suffers a monster disease if the monster disease ... Fix up some animal speech sayings. ...
(rec.games.roguelike.announce)
Re: [ulipad:2586] [ANN]UliPad 3.9 released!
... UliPad is a flexible editor, ... Change setmenutext to use fix width to set the menu text, ... Bug fix: ...
(comp.lang.python)