lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: krispykringle at gentoo.org (Dan Margolis)
Subject: Re: Full-Disclosure digest, Vol 1 #2093 - 36
 msgs

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Randall Craig wrote:
> On Thu, 2 Dec 2004 10:58:02 -0600, Randall Craig <rgcraig@...il.com> wrote:
>  Ok I am super duper new to this list and also new to *nix... i will
>  never go back to M$ ceptin for gaming purposes... I am running on OS
>  X.3.3 and was wanting to know if the Security Alert pertaining to
>  FreeBSD would also affect my system. I know that BSD is running
>  underneath OS X... I am fairly sure that Apple is aware of it by
>  now-.
>  thnx

No. When people comment that OSX runs on BSD, they don't mean that OSX
actually runs a FreeBSD kernel. It does not (it runs XNU, based on Mach
but incorporating BSD code). Read
[http://www.kernelthread.com/mac/osx/arch_xnu.html] for more information.

Specifically regarding this vulnerability, MacOSX does not have procfs
(/proc on systems that have it), so it's hard to imagine that it is
subject to this vulnerability.

On a side-note, Apple is pretty tightlipped about vulnerabilities (much
the way Microsoft used to be, though they *seem* to be learning their
lesson, from what I've heard). Apple should follow the lead set by other
vendors and recognize that once a vulnerability is public, the
responsible path is to acklowedge and publish workarounds or fixes, not
deny the problem until a final solution is available.

Dan
- --
Dan "KrispyKringle" Margolis
Security Coordinator/Audit Project, Gentoo Linux
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iQEVAwUBQa+H+rDO2aFJ9pv2AQJbyQf8DcnBTOQdpqfZSRPIAaW/g/FE+/YYJFAG
AqHovG9SJ9JGVmzLW+3fFWXSqevzaxmIkaj/WzSDxDFb9MD4H9jwGdFD7AXyHTFS
go5c0t8r7auNrwhwxJiiJyyH3Y3rBAJQqJyRNFlRt7qL8rCG2Hzo1u1Yvrm6tcHG
KxJ2XU3EqavBghT9iQXVTcOTf66e6MzTrOI0c/xffcvjAu2XTyXXNnsj0wloTv04
JqdenT/SfLe0LowY6cpT2p1W0r/x5UkU2jlaTxkvmNvDbKsuvhMBX5CRw9QZv/pj
v72fjnpIoMPQ+WM6ykk06b6T5c0+tAXV0IGoRoddLibZsJM+bBbdSQ==
=RjMr
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ