Re: FreeBSD Security Advisory FreeBSD-SA-06:25.kmem

On Wed, Dec 06, 2006 at 02:07:16AM -0800, Colin Percival wrote:
FreeBSD Security Advisories wrote:
FreeBSD-SA-06:25.kmem Security Advisory
The FreeBSD Project
...
III. Impact

A user in the "operator" group can read the contents of kernel memory.
Such memory might contain sensitive information, such as portions of
the file cache or terminal buffers. This information might be directly
useful, or it might be leveraged to obtain elevated privileges in some
way; for example, a terminal buffer might include a user-entered
password.

For what it's worth, there was a lot of debate about whether this deserved
an advisory: Members of the operator group are allowed (by default, at least)
to read raw disk devices, so being able to read kernel memory really isn't
very much of a privilege escalation. [...]

Definitely. There always could be a kernel dump on a swap device.
I really see no point at all in such security advisories. Local DoSes
are much more important and we don't publish security advisories for
them, because as we all well know there are many, many such bugs in any
operating system out there and will be just silly to publishing security
advisory for every single local DoS.

[...] In the end I decided to go ahead with
this advisory largely because we were already planning on issuing an advisory
this week (for a far more serious issue in GNU tar), but if a similar issue
arises next month, we might decide not to bother with an advisory.

That's why IMHO it was a mistake to publish this one, because people can
start depend on the fact that we publish security advisories for such
bugs.

--
Pawel Jakub Dawidek http://www.wheel.pl
pjd@xxxxxxxxxxx http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!

Attachment: pgpFBD4HvNQTJ.pgp
Description: PGP signature

Relevant Pages

  • Re: FreeBSD Security Advisory FreeBSD-SA-06:25.kmem
    ... A user in the "operator" group can read the contents of kernel memory. ... Such memory might contain sensitive information, ... an advisory: Members of the operator group are allowed ... FreeBSD Security Officer ...
    (FreeBSD-Security)
  • Re: sshd patch
    ... > version string still doesn't match the one in the advisory. ... patches can be applied to as many different versions of FreeBSD as ... eyeball inspection of the patch. ... This is generally the case with security advisories, ...
    (freebsd-questions)