Re: FreeBSD Security Advisory FreeBSD-SA-06:25.kmem

看板FB_security作者時間19年前 (2006/12/06 22:16), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串6/10 (看更多)
--o71xDhNo7p97+qVi Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Dec 06, 2006 at 02:07:16AM -0800, Colin Percival wrote: > FreeBSD Security Advisories wrote: > > FreeBSD-SA-06:25.kmem Security Ad= visory > > The FreeBSD P= roject > > ... > > III. Impact > >=20 > > A user in the "operator" group can read the contents of kernel memory. > > Such memory might contain sensitive information, such as portions of > > the file cache or terminal buffers. This information might be directly > > useful, or it might be leveraged to obtain elevated privileges in some > > way; for example, a terminal buffer might include a user-entered > > password. >=20 > For what it's worth, there was a lot of debate about whether this deserved > an advisory: Members of the operator group are allowed (by default, at le= ast) > to read raw disk devices, so being able to read kernel memory really isn't > very much of a privilege escalation. [...] Definitely. There always could be a kernel dump on a swap device. I really see no point at all in such security advisories. Local DoSes are much more important and we don't publish security advisories for them, because as we all well know there are many, many such bugs in any operating system out there and will be just silly to publishing security advisory for every single local DoS. > [...] In the end I decided to go ahead with > this advisory largely because we were already planning on issuing an advi= sory > this week (for a far more serious issue in GNU tar), but if a similar iss= ue > arises next month, we might decide not to bother with an advisory. That's why IMHO it was a mistake to publish this one, because people can start depend on the fact that we publish security advisories for such bugs. --=20 Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! --o71xDhNo7p97+qVi Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (FreeBSD) iD8DBQFFdtA9ForvXbEpPzQRAle9AKC7JO4bCuKTMKFgGtbJ4vtTqU+uAgCgoKGQ SKiiT2L+4tC3m6xh35fdWjE= =2nUF -----END PGP SIGNATURE----- --o71xDhNo7p97+qVi--
更多 pjd. 的文章
文章代碼(AID): #15Tj2c00 (FB_security)
討論串 (同標題文章)
完整討論串 (本文為第 6 之 10 篇):
排序: 最新先 | 最舊先 | 留言數
在新視窗開啟完整討論串 (共10篇)
更多 pjd. 的文章
文章代碼(AID): #15Tj2c00 (FB_security)