Slashdot Mirror
FreeBSD Kernel Leak
Pine Digital Security announced a FreeBSD kernel leak, found when auditing a customer. The leak can be exploited to panic the server or elevate privileges. FreeBSD swiftly updated CVS, a security advisory will probably follow. Both the -RELEASE branch and -CURRENT branch are vulnerable.
I just wanted to point this out since whoever
submitted the article didn't feel it was
necessary.
To repeat myself, according to the article, this
problem does not effect OpenBSD or NetBSD.
*sigh* back to work...
"FreeBSD swiftly updated CVS"
I love open-source.
Where in the story posting does it say that involves NetBSD and/or OpenBSD? It states clearly that it's a FreeBSD bug. And one that's already fixed in CVS to boot.
The FreeBSD security advisory is available at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/ FreeBSD-SA-02%3A44.filedesc.asc, including patch.
Read the advisory. The bug was fixed first, and then the advisory was released. Also, this security related issue isn't easy to exploit. Calling that syscall 2^31 times certainly takes a while :)
Obviously you don't use BSD, (I'll bet you bought redhat's new tripe and did a full install) or you would be extolling its virtues despite the occasional bug. Oh, btw, i doubt your intelligence since your spelling sux.......... (awaiting your feeble return-burn, you 'anonymous coward')
I call computer-illiteracy job security
i appreciate postings like this, but as usual, any good discussion about the problem is zero on slashdot.
every time there is a mention of linux or xBSD or whatever OS having a problem, people who don't use it come out of the woodwork to say "LOOK! It sucks! It's broken! HaHaHa! We Win!".
how old are you people ? (mentally?)
no wonder why other tech-based sites have no respect for slashdot discussions.
Why would this be a big blow? It was a big problem when the latest OpenSSH bug came along. Or when Sun had a problem with NIS (I administrate multiple platforms and around 50 servers by now). It is just another security problem and in a few months we will see another one. Who cares what platforms it is. You compile, install and go on with your life.
But then again, who'd want that source anyways?
Is this the reason that Rackspace would not let me use FreeBSD on their network 6 months ago? They said that if I use FreeBSD then I will be hacked. Then they pushed RedHad Linux on me.
To this day, I do not know why they said FreeBSD is insecure at the Kernel.
The above is not worth reading.
ROFLMAO!
I call computer-illiteracy job security
Why was this even posted? First Slashdot posts erroneous stories. Then they start making up stories. Now they post the most trivial of stories.
"Ho hum. Another slow news day. Let's roll some dice and post a minor random security advisory from some random project and pretend it's news."
A Government Is a Body of People, Usually Notably Ungoverned
This is a local vulnerability; it doesn't, in and of itself, make servers vulnerable. Even if someone has a local account on a system, it takes hours of CPU time to perform an exploit.
It looks like the bug (and the fix) were already announced (and committed to CVS) but that the possibility of using the bug in an exploit was not revealed until now (and might not even have been appreciated by the original reporter).
Correct me if I'm wrong but it looks like this exploit doesn't effect -STABLE to begin with.
If you're using 5.0RC2 you've got to figure there'll be some bugs.
Correct me if I'm wrong...
:-)
I think you are.
The security advisory says that branches RELENG_4 (up to 11 November 2002), RELENG_4_7, and RELENG_4_6 (both till 6 January 2003) contain the bug. I'd post the appropriate parts from the advisory, but the lameness filter thinks that I'm posting "junk" characters...sigh...
-Charles
The problem is already fixed, and people just need to update themselves now.
Thanks! That link was what I was waiting for, what Coolvibe refers to and what Slashdot still should have linked to. I deserved a slap for not having checked www.freebsd.org myself first.
Incorrect... this affects 4.3 and later. It does effect -STABLE up until the point where the patch was installed. -STABLE is a line off of a release where tested new features, bug fixes, and security patches are applied. Thus, you could install a -RELEASE and then track -STABLE, but you would generally only do this if you were engaged in actively developing (on) FreeBSD. If you were using a -STABLE before this came to light, you are still vulnerable unless you've updated since.
5.0 may or may not be affected - I would assume the former, but I may be wrong.
For more information on -CURRENT and -STABLE...
main(){char I,l,O[]={'-',1-1,0,(1<<5)-1,0+'-',-10-1,-10,11-0,
A first post that actually makes some amount of sense? True "First" indeed.
Ya know Ed you da man! I was pretty sure it was local and not the average script kiddie's folly; however, wanting to see how long it took for someone to confirm my drunken belief and now I am way down here in the replies :).
:) )
Begin_Rant
Too much wah wah FreeBSD, Not OPEN or NET blather to give people, who may need direction and are unfamiliar, the proper support and information they deserve --hats off to you for pointing the truth out.
Afterall, it's the community spirit being fostered by the BSD and Linux and Open Source Movements that needs to be agressively passed along to the newly initiated cause we all know....
The DOCUMENTATION SUCKS, so the community needs to make up for it, or we'll all have Borg implants, M$ alarm clocks that don't wake us up for work, microwave ovens that can't cook a decent buttered popcorn, and Oracle poptarts that are still cold out of the toaster.
Having a choice makes up for small road block which are already fixed and gone.
Surely some people have a few production servers will probably need to be patched against this due to the service that they provide, but the odds that they'll get caught with their asses hanging out are slim to none and even the slightest of process monitoring would smell that in a hearbeat.
Any OS needs help out of the box and takes a clear and goal oriented approach to make it secure and tuned in any sense to the mold in which you want it to fit.
Too bad people would rather speak than what consider what people may want to hear....It obscures the point. I think the post meant well, but was the starting point of a degraded dialogue (minus my $0.02 of course
End_Rant
-Quillsta
ROFL. It's Far from dying. Keep trolling, maybe get yourself a little pink imac to go with your leotard.
Command attempted to use minibuffer while in minibuffer
You did a nice job of writing something that went over most people's heads there :)
No, your children are not the special ones. Nor are your pets.
ncftp3 ftp.kernel.org /pub/linux/kernel/v2.4
cd
ls *dontuse*
linux-2.4.11-dontuse.tar.bz2
linux-2.4.11-dontuse.tar.gz.sign
patch-2.4.11-dontuse.gz
linux-2.4.11-dontuse.tar.bz2.sign
patch-2.4.11-dontuse.bz2
patch-2.4.11-dontuse.gz.sign
linux-2.4.11-dontuse.tar.gz
patch-2.4.11-dontuse.bz2.sign
So what!? Linux has had worse kernel bugs, IMHO. My FreeBSD box might be locally exploited. Anyone that rebooted their 2.4.11 Linux systems trashed any mounted filesystem.
Common sense is not so common.
Are you completely sure that no network daemon can be coerced into calling fpathconf() repetitively?
The problem isn't calling just calling fpathconf() repetitively. The problem is calling fpathconf() repetitively on a socket or other non-file (which would be a bug in itself). And by "repetitively" I mean at least 2,147,483,648 times on the same file descriptor for a system panic exploit, and exactly 4,294,967,295 times on the same file descriptor (followed by a close()) for the priviledge escalation exploit.
No network daemon that is part of the FreeBSD base system can be coerced into performing the necessary actions. Grep the source tree yourself (you'll only get a handful of hits) and examine the resulting files if you don't believe me. It's impossible to rule out everything in the ports collection (and the FreeBSD folks are careful not to make any claims regarding them) but it's hard to imagine creating an exploit of greater than theoretical importance using any network server.
The most enjoyable part of the whole topic is the fact that you corrected me, and you couldn't be more wrong if you tried.
Affected
1 : INCLINED, DISPOSED
2 a : given to affectation b : assumed artificially or falsely : PRETENDED
So tell me Captain English, which of those is the correct definition? According to m-w.com:
usage The confusion of the verbs affect and effect is not only quite common but has a long history. Effect was used in place of affect as early as 1494. If you think you want to use the verb effect but are not certain, check the definitions in this dictionary. The noun affect is sometimes mistakenly used for effect. Except when your topic is psychology, you will seldom need the noun affect.
So unless you thought I meant that the exploit had great fondness for OS/2, I stand uncorrected.
You are wrong. The definition you cite for affected is not relevent as it is an adjective. The word in question is effect, which you used as a verb in your sentence: "Let me just remind you all that this bug does NOT effect the OS/2 Warp 3.0 kernel."
From dictionary.com, definition 1 of affect: "To have an influence on or effect a change in."
Also from dictionary.com, effect as a verb means "To produce, as a cause or agent; to cause to be." or "To bring to pass; to execute; to enforce; to achieve; to accomplish."
The leak isn't producing, executing, enforcing, achieving, or accomplishing FreeBSD. It is, however, having an influence or effect on FreeBSD.
So, your grammar argument is completely wrong. Technically, however, your original sentence isn't completely wrong because the bug does not effect OS/2. In this context, you really meant that is does not affect OS/2.
> Although the missing fdrop() call in fpathconf(2) was noticed
:)
> before by Nakamura Takayuki its impact
> was severely underestimated.
As someone noticed before, it looks like a known bug, but until now nobody has really done the check, "hey, what this bug does?".
Maybe now the FreeBSD Core team knows why they fixed the bug
Cesar Cardoso can be found at cesar at zyakannazio dot eti dot br (or at least I believe so)
Now that we have grammatically analysed the joke the funniness has been sucked from it.
Would you use something marked *dontuse* on one of your FreeBSD mirrors?
Linux distributions only include a kernel that has been tested by the distribution builder. The people that got bit in the ass are the ones that follow the Linux Kernel Mailing List and grab new releases. The reason they follow and install bleeding edge kernels is so that they can test them out en masse for Linus and friends, and they expect to wreck thier system. That's how the linux kernel development works.
Read the disclaimers for FreeBSD-5 previews and RC's - it's remarkably similar.
> how old are you people ? (mentally?)
> no wonder why other tech-based sites have no respect for slashdot discussions.
I'd say that that's what's so great about slashdot, its egalitarian nature. Sure, you see many stupid posts (you might say that this post is stupid as well), but the fact that anyone can contribute to slashdot makes this place magical and dynamic; stupid posts are just a minor consequence. And let me ask you; if you think that slashdot is just a morons and idiots get-together, why would you be reading and posting here?