Re: MOAB advisories



"Kobajashi Zaghi" <kobajashi@xxxxxxxxx> wrote:

> I would like to know whether the following "vulnerabilities"
> affect FreeBSD's reliability. If the answer is "yes", which versions of
> FreeBSD are affected, when will they be fixed, etc.
>
> http://projects.info-pull.com/moab/MOAB-12-01-2007.html
> http://projects.info-pull.com/moab/MOAB-10-01-2007.html

These folks are establishing themselves as careless, alarmist, and
uneducated when it comes to kernel bugs.

In FreeBSD, the above mentioned flaws can, indeed, cause a kernel panic.
However, this is intended behaviour when a corrupt filesystem is
encountered. It protects the system from serious damage that could
result from trying to work with the corrupt filesystem.

The difference, that the info-pull folks seem to be too stupid to
understand, is that FreeBSD does not allow mounting of filesystems
by anyone other than root. If someone with root access wants to
DoS your system, then they don't need any flaws, they could just rm -rf /,
or other nasty actions.

Apple made the mistake of making a function that was designed to be
usable by an administrator only accessible to the average user. Doing
this requires that lots and lots of code be investigated and updated.
Places where it makes sense to intentionally call panic() in FreeBSD
require less drastic and considerably more complex action in Mac OS.
Apparently, Apple didn't review this carefully enough.

The thing that amazes me is that the info-pull folks are smart enough
to uncover these issues, but too stupid to accurately report them and
their consequences.

-Bill