[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Locally exploitable races? OpenBSD

To: "Todd C. Miller" <Todd.Miller@courtesan.com>
Subject: Re: Locally exploitable races? OpenBSD
From: Gregory Steuck <greg@nest.cx>
Date: 05 Jun 2001 12:06:21 -0700
Cc: Zvezdelin <zvezdi@freenet.nether.net>, tech@openbsd.org
References: <Pine.GSO.4.21.0106050900180.8733-100000@freenet.nether.net> <200106051749.f55HnS630115@xerxes.courtesan.com>
User-Agent: Gnus/5.0807 (Gnus v5.8.7) XEmacs/21.1 (Cuyahoga Valley)

>>>>> "Todd" == Todd C Miller <Todd.Miller@courtesan.com> writes:

    Todd> What he's talking about is completely irrelevant because it
    Todd> requires things use rfork() and nothing in the system does...

    Todd> Should the races get fixed?  Yes.  Is it a real problem?
    Todd> Nope.  Should developers respond to obvious flame bait?  No
    Todd> again.

If I am not mistaken it's a stability, not security issue. The problem
is real in sense that it gives a local user a way to destabilize
(crash?)  system. Then again, having seen those nasty free() exploits I
won't be surprised if it can be turned into something dangerous.

Is there an issue with bringing in FreeBSD's fix for sys_dup2?

References:
- Locally exploitable races? OpenBSD
  - From: Zvezdelin <zvezdi@freenet.nether.net>
- Re: Locally exploitable races? OpenBSD
  - From: "Todd C. Miller" <Todd.Miller@courtesan.com>

Prev by Date: Re: Locally exploitable races? OpenBSD
Next by Date: Re: Locally exploitable races? OpenBSD
Prev by thread: Re: Locally exploitable races? OpenBSD
Next by thread: Re: Locally exploitable races? OpenBSD
Index(es):
- Date
- Thread