[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <41AF87FA.8090809@gentoo.org>
From: krispykringle at gentoo.org (Dan Margolis)
Subject: Re: Full-Disclosure digest, Vol 1 #2093 - 36
msgs
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Randall Craig wrote:
> On Thu, 2 Dec 2004 10:58:02 -0600, Randall Craig <rgcraig@...il.com> wrote:
> Ok I am super duper new to this list and also new to *nix... i will
> never go back to M$ ceptin for gaming purposes... I am running on OS
> X.3.3 and was wanting to know if the Security Alert pertaining to
> FreeBSD would also affect my system. I know that BSD is running
> underneath OS X... I am fairly sure that Apple is aware of it by
> now-.
> thnx
No. When people comment that OSX runs on BSD, they don't mean that OSX
actually runs a FreeBSD kernel. It does not (it runs XNU, based on Mach
but incorporating BSD code). Read
[http://www.kernelthread.com/mac/osx/arch_xnu.html] for more information.
Specifically regarding this vulnerability, MacOSX does not have procfs
(/proc on systems that have it), so it's hard to imagine that it is
subject to this vulnerability.
On a side-note, Apple is pretty tightlipped about vulnerabilities (much
the way Microsoft used to be, though they *seem* to be learning their
lesson, from what I've heard). Apple should follow the lead set by other
vendors and recognize that once a vulnerability is public, the
responsible path is to acklowedge and publish workarounds or fixes, not
deny the problem until a final solution is available.
Dan
- --
Dan "KrispyKringle" Margolis
Security Coordinator/Audit Project, Gentoo Linux
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
iQEVAwUBQa+H+rDO2aFJ9pv2AQJbyQf8DcnBTOQdpqfZSRPIAaW/g/FE+/YYJFAG
AqHovG9SJ9JGVmzLW+3fFWXSqevzaxmIkaj/WzSDxDFb9MD4H9jwGdFD7AXyHTFS
go5c0t8r7auNrwhwxJiiJyyH3Y3rBAJQqJyRNFlRt7qL8rCG2Hzo1u1Yvrm6tcHG
KxJ2XU3EqavBghT9iQXVTcOTf66e6MzTrOI0c/xffcvjAu2XTyXXNnsj0wloTv04
JqdenT/SfLe0LowY6cpT2p1W0r/x5UkU2jlaTxkvmNvDbKsuvhMBX5CRw9QZv/pj
v72fjnpIoMPQ+WM6ykk06b6T5c0+tAXV0IGoRoddLibZsJM+bBbdSQ==
=RjMr
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists