Message-ID: <200406182127.i5ILRVxl003930@turing-police.cc.vt.edu>
Date: Fri, 18 Jun 2004 17:27:31 -0400
From: Valdis.Kletnieks@...edu
To: Manuel Bouyer <bouyer@...ioche.eu.org>
Cc: bugtraq@...urityfocus.com, cert@...t.org, phrackstaff@...ack.org,
	staff@...ketstormsecurity.org, security@...eBSD.org
Subject: Re: Unprivilegued settings for FreeBSD kernel variables

On Thu, 17 Jun 2004 13:28:59 +0200, Manuel Bouyer said:
> On Tue, Jun 15, 2004 at 08:42:23AM +0200, Radko Keves wrote:
> > [...]
> > 
> > AFFECTED DISTRIBUTIONS:
> > FreeBSD 5.x i386
> > FreeBSD, OpenBSD, NetBSD is most likely also affected (investigation needed)
> 
> NetBSD is not, a LKM can't be loaded if securelevel is > 0.

Note *very* carefully the fact that the statement "you can't load a LKM" is not
totally identical to "you can't cause an LKM to be in the kernel".

Hunt down the Phrack article on loading an LKM into a Linux kernel *that
doesn't even have module support*, and ask yourself if you're quite as sure
that there is *zero* vulnerability there....

