Slashdot Mirror


FreeBSD Kernel Leak

Pine Digital Security announced a FreeBSD kernel leak, found when auditing a customer. The leak can be exploited to panic the server or elevate privileges. FreeBSD swiftly updated CVS; a security advisory will probably follow. Both the -RELEASE branch and -CURRENT branch are vulnerable.


  1. Does not effect OpenBSD or NetBSD by Dan+Ost · · Score: 2, Informative

    I just wanted to point this out since whoever
    submitted the article didn't feel it was
    necessary.

    To repeat myself, according to the article, this
    problem does not effect OpenBSD or NetBSD.

    --

    *sigh* back to work...
    1. Re:Does not effect OpenBSD or NetBSD by josepha48 · · Score: 3, Informative

      It's a FreeBSD kernel bug, NetBSD and OpenBSD use different kernels than FreeBSD.

      --

      Only 'flamers' flame!

    2. Re:Does not effect OpenBSD or NetBSD by jasonditz · · Score: 5, Funny

      Let me just remind you all that this bug does NOT effect the OS/2 Warp 3.0 kernel.

      I repeat, the OS/2 Warp kernel is not effected!

    3. Re:Does not effect OpenBSD or NetBSD by juju2112 · · Score: 2

      Effect is not a verb -- it's a noun. The word you're looking for is affect.

    4. Re:Does not effect OpenBSD or NetBSD by josepha48 · · Score: 2
      Being a FreeBSD and NetBSD user, there is a much more different code base these days. While it is true that these projects share code, NetBSD does not even have the fdrop() and other f****() functions that FreeBSD does in /usr/include/sys/file.h .

      If you have ever used these systems and configured kernels on these systems you would see similarities, but you would also see many more differences in kernel config parameters. The sound systems are different. FreeBSD is now using ipfirewall instead of pushing ipfilter like NetBSD, and OpenBSD has a different packet filtering mechanism.

      They are not as similar as they used to be.

      --

      Only 'flamers' flame!

    5. Re:Does not effect OpenBSD or NetBSD by LizardKing · · Score: 2

      Check your dictionary, "effect" and "affect" are both transitive verbs as well as nouns.

      Chris

  2. Key Phrase by Alethes · · Score: 3, Insightful

    "FreeBSD swiftly updated CVS"

    I love open-source.

    1. Re:Key Phrase by xA40D · · Score: 3, Interesting

      "FreeBSD swiftly updated CVS"

      I love open-source.


      Indeed.

      I use FreeBSD_STABLE, I cvsup and recompile once a month. As the STABLE branch is "not vulnerable after 20021111" I'm happy to say I'd closed this particular hole 2 weeks before the FreeBSD authorities team had been informed of its existence.

      --
      Do you mind, your karma has just run over my dogma.
  3. Re:Does not affect OpenBSD or NetBSD by CoolVibe · · Score: 5, Informative
    Troll.

    Where in the story posting does it say that it involves NetBSD and/or OpenBSD? It states clearly that it's a FreeBSD bug. And one that's already fixed in CVS to boot.

  4. Re:Slashdot hype linkdumping at your service by CoolVibe · · Score: 4, Insightful

    Read the advisory. The bug was fixed first, and then the advisory was released. Also, this security related issue isn't easy to exploit. Calling that syscall 2^31 times certainly takes a while :)

  5. thanks, and please ignore the jerks by phippy · · Score: 4, Insightful

    i appreciate postings like this, but as usual, any good discussion about the problem is zero on slashdot.

    every time there is a mention of linux or xBSD or whatever OS having a problem, people who don't use it come out of the woodwork to say "LOOK! It sucks! It's broken! HaHaHa! We Win!".

    how old are you people ? (mentally?)
    no wonder why other tech-based sites have no respect for slashdot discussions.

    1. Re:thanks, and please ignore the jerks by satanami69 · · Score: 2

      It's mostly because most everyone CVSUPd and installed the fix a few weeks back.

      --
      I really hate Dan Patrick.
  6. Re:Zealots... by Nickus · · Score: 3, Interesting

    Why would this be a big blow? It was a big problem when the latest OpenSSH bug came along. Or when Sun had a problem with NIS (I administrate multiple platforms and around 50 servers by now). It is just another security problem and in a few months we will see another one. Who cares what platforms it is. You compile, install and go on with your life.

  7. What's the point? by Arandir · · Score: 3, Insightful

    Why was this even posted? First Slashdot posts erroneous stories. Then they start making up stories. Now they post the most trivial of stories.

    "Ho hum. Another slow news day. Let's roll some dice and post a minor random security advisory from some random project and pretend it's news."

    --
    A Government Is a Body of People, Usually Notably Ungoverned
  8. In case you didn't figure it out from the article by edhall · · Score: 5, Informative

    This is a local vulnerability; it doesn't, in and of itself, make servers vulnerable. Even if someone has a local account on a system, it takes hours of CPU time to perform an exploit.

    It looks like the bug (and the fix) were already announced (and committed to CVS) but that the possibility of using the bug in an exploit was not revealed until now (and might not even have been appreciated by the original reporter).

    -Ed
  9. Re:Slashdot hype linkdumping at your service by jasonditz · · Score: 2

    Correct me if I'm wrong but it looks like this exploit doesn't effect -STABLE to begin with.

    If you're using 5.0RC2 you've got to figure there'll be some bugs.

  10. Re:Rackspace by xA40D · · Score: 5, Informative

    if I use FreeBSD then I will be hacked.

    Not exactly a representative poll but...

    I use FreeBSD. I work in an office with 7 other people who all use RedHat. Out of the 8 of us, over the past 2 years, I'm the only one never to have been hacked.

    The job I had before this was with an ISP which used FreeBSD for all their core systems. And in their whole history they had only ever had one FreeBSD system hacked, and that turned out to be an ex-employee who had added his public key to somebody else's authorized_keys file.

    --
    Do you mind, your karma has just run over my dogma.
  11. Re:Rackspace by sbeitzel · · Score: 3, Informative

    I have a FreeBSD machine over at Rackspace, and I found out the hard way what they meant. They only support out-of-the-box distributions. So if you cvsup the source and then rebuild your world and kernel, then if anything goes wrong with the system (say, for instance, a disk fries) they won't perform support operations as part of your built-in service fees (since you're not running on a standard configuration). Instead, you'll have to pay a premium for the support.

    --
    Oh, go on, check out my job.
  12. Re:First post by cant_get_a_good_nick · · Score: 2

    A first post that actually makes some amount of sense? True "First" indeed.

  13. Re:Rackspace by R.Caley · · Score: 3, Interesting
    Is this the reason that Rackspace would not let me use FreeBSD on their network 6 months ago?

    The less cynical interpretation is that they don't have the support smarts to support FBSD.

    The cynic in me suggests they have a deal with Red Hat.

    --
    _O_
    .|<
    The named which can be named is not the true named
  14. Re:In case you didn't figure it out from the artic by nutznboltz · · Score: 2

    Are you completely sure that no network daemon can be coerced into calling fpathconf() repetitively?

  15. Re:In case you didn't figure it out from the artic by edhall · · Score: 3, Informative

    The problem isn't just calling fpathconf() repetitively. The problem is calling fpathconf() repetitively on a socket or other non-file (which would be a bug in itself). And by "repetitively" I mean at least 2,147,483,648 times on the same file descriptor for a system panic exploit, and exactly 4,294,967,295 times on the same file descriptor (followed by a close()) for the privilege escalation exploit.

    No network daemon that is part of the FreeBSD base system can be coerced into performing the necessary actions. Grep the source tree yourself (you'll only get a handful of hits) and examine the resulting files if you don't believe me. It's impossible to rule out everything in the ports collection (and the FreeBSD folks are careful not to make any claims regarding them) but it's hard to imagine creating an exploit of greater than theoretical importance using any network server.

    -Ed
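
The arithmetic behind the two call counts in the comment above, as an added example that is not part of the original thread and is not FreeBSD source. It assumes a signed 32-bit reference count; the starting counts and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Model only, not FreeBSD source. A signed 32-bit reference count is an
 * assumption inferred from the call counts quoted above. */

/* Count after `leaks` calls that each take a reference and never release
 * it. Unsigned math makes the modulo-2^32 wrap explicit; the final cast
 * relies on two's-complement conversion (true on mainstream compilers). */
static int32_t count_after_leaks(int32_t initial, uint64_t leaks)
{
    return (int32_t)((uint32_t)initial + (uint32_t)leaks);
}

/* Hardened variant: the counter sticks at INT32_MAX instead of wrapping,
 * so the object is leaked forever rather than freed early.
 * Assumes initial >= 0. */
static int32_t count_after_leaks_saturating(int32_t initial, uint64_t leaks)
{
    uint64_t sum = (uint64_t)initial + leaks;
    return sum >= (uint64_t)INT32_MAX ? INT32_MAX : (int32_t)sum;
}

/* Release one reference; returns 1 when this release would free the object.
 * A saturated counter is never decremented. */
static int drop_frees(int32_t *count)
{
    if (*count == INT32_MAX)
        return 0;
    return --(*count) == 0;
}

int main(void)
{
    /* Hypothetical starting counts: 1 holder, then 2 holders. */
    int32_t neg = count_after_leaks(1, 2147483648ULL);      /* 2^31 leaks */
    int32_t wrap = count_after_leaks(2, 4294967295ULL);     /* 2^32 - 1   */
    int32_t sat = count_after_leaks_saturating(2, 4294967295ULL);

    printf("after 2^31 leaks: %d (negative count)\n", neg);
    printf("after 2^32-1 leaks: %d of 2 holders counted\n", wrap);
    printf("one close frees it while still held: %d\n", drop_frees(&wrap));
    printf("saturating counter: %d, close frees: %d\n", sat, drop_frees(&sat));
    return 0;
}
```

Leaking 2^32 - 1 references is arithmetically the same as dropping one reference nobody held, which is why that call count has to be exact while the panic case only needs the sign bit to flip.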
  16. Re:Of course the OS/2 wasn't effected! by jasonditz · · Score: 2

    The most enjoyable part of the whole topic is the fact that you corrected me, and you couldn't be more wrong if you tried.

    Affected

    1 : INCLINED, DISPOSED

    2 a : given to affectation b : assumed artificially or falsely : PRETENDED

    So tell me Captain English, which of those is the correct definition? According to m-w.com:

    usage The confusion of the verbs affect and effect is not only quite common but has a long history. Effect was used in place of affect as early as 1494. If you think you want to use the verb effect but are not certain, check the definitions in this dictionary. The noun affect is sometimes mistakenly used for effect. Except when your topic is psychology, you will seldom need the noun affect.

    So unless you thought I meant that the exploit had great fondness for OS/2, I stand uncorrected.

  17. Re:Of course the OS/2 wasn't effected! by almeida · · Score: 2

    You are wrong. The definition you cite for affected is not relevant as it is an adjective. The word in question is effect, which you used as a verb in your sentence: "Let me just remind you all that this bug does NOT effect the OS/2 Warp 3.0 kernel."

    From dictionary.com, definition 1 of affect: "To have an influence on or effect a change in."

    Also from dictionary.com, effect as a verb means "To produce, as a cause or agent; to cause to be." or "To bring to pass; to execute; to enforce; to achieve; to accomplish."

    The leak isn't producing, executing, enforcing, achieving, or accomplishing FreeBSD. It is, however, having an influence or effect on FreeBSD.

    So, your grammar argument is completely wrong. Technically, however, your original sentence isn't completely wrong because the bug does not effect OS/2. In this context, you really meant that it does not affect OS/2.

  18. Re:Rackspace by Jose · · Score: 2

    The cynic in me suggests they have a deal with Red Hat.

    what kind of deal would they have? Something like if Rackspace exclusively uses Redhat, then Rackspace gets free versions of Redhat Linux with full access to the source code? :P

    --
    The basic sleazeware produced in a drunken fury by a bunch of UCBerkeley grad students was still the core of BIND. --PV
  19. Re:Rackspace by R.Caley · · Score: 2
    The cynic in me suggests they have a deal with Red Hat.

    what kind of deal would they have?

    Cheap support? Millinery vouchers? Penguin guano scrapers?

    --
    _O_
    .|<
    The named which can be named is not the true named