lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.44.0311181847400.2387-100000@sodom.uberhax0r.net>
Date: Tue, 18 Nov 2003 18:52:31 -0500 (EST)
From: noir@...rhax0r.net
To: Coleman Kane <cokane@...ane.org>
Cc: bugtraq@...urityfocus.com
Subject: Re: OpenBSD kernel holes ...



> I may be wrong here, but I don't think that any of the kern.emul.*
> executable emulations are actually enabled on a default install. I have
> installed openbsd in environments requiring one of these since 3.2 and
> have had to specifically enable them every time. COMPAT_* are compiled in
> the default kernel, but are turned of via sysctl in the default install.

this exploit will get you uid=0 in all default installs starting from 2.6
upto and including 3.3. i have personally tested 2.6, 3.0, 3.1, 3.2, 3.3
on vmware (since i cann't effort to waste real hardware on openbsd.)

> that matter. IMHO, the slogan should be "More secure by default".

IMHO, the slogan should be "Less secure than claimed".

>
> This does fall under reliability fix category, though, since it isn't really
> a security issue, the bug puts the system into one of its most secure states:
> halted. Well, that is as long as youve disabled the kdb, which you should have
> on a production box.

this so true for OpenBSD. yes its most secure state is: halted.

- noir




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ