Re: freebsd-security Digest, Vol 187, Issue 4
> [It's just a panic]
> I was so transfixed on Josh stating that the attacker could as well
> just mount a filesystem with suid root binaries and how that would be
> more useful than a buffer overflow in the filesystem driver. I totally
> missed the fact that we were talking about two bugs where the kernel
> deliberately called panic() ;).
>
> So in this case I'd agree that the panic() is undesirable, but not
> really a security issue.
In the past we have considered remote DOS type attacks to be a security
issue. In this case people discount it saying if the user has physical
access then it's game over anyway. Although not as serious as privilege
escalation bugs I would have to say that mounting a user's USB drive
shouldn't allow the system to crash. How about something to force a fsck
before allowing the mount? Would that always catch it?
-Michael