Re: FreeBSD Security Advisory FreeBSD-SA-06:25.kmem



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Doesn't securelevel completely mitigate this even for root users anyway,
if set? Setting securelevel denies raw access to disk devices and kmem
in this way does it not?

- -- Craig Edwards

Dan Lukes wrote:
Colin Percival napsal/wrote:
A user in the "operator" group can read the contents of kernel memory.
Such memory might contain sensitive information, such as portions of
the file cache or terminal buffers. This information might be directly
useful, or it might be leveraged to obtain elevated privileges in some
way; for example, a terminal buffer might include a user-entered
password.

- --
OpenPGP Key ID: 0x49B959F7
"Better to reign in Hell than to serve in Heaven" -- Milton
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFdwdqCd57Ikm5WfcRAmx9AKDCtIqEj5lREwepRoFfcnMJNGwixQCfQ3WI
c34CNp+R5Zsgl/PyE32Qr0c=
=lRB+
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"