[35383] in bugtraq
Re: Unprivilegued settings for FreeBSD kernel variables
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Sat Jun 19 17:45:20 2004
Message-Id: <200406182127.i5ILRVxl003930@turing-police.cc.vt.edu>
To: Manuel Bouyer <bouyer@antioche.eu.org>
Cc: bugtraq@securityfocus.com, cert@cert.org, phrackstaff@phrack.org,
staff@packetstormsecurity.org, security@FreeBSD.org
In-Reply-To: Your message of "Thu, 17 Jun 2004 13:28:59 +0200."
<20040617112859.GA19812@antioche.eu.org>
From: Valdis.Kletnieks@vt.edu
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_1855029643P";
micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Fri, 18 Jun 2004 17:27:31 -0400
--==_Exmh_1855029643P
Content-Type: text/plain; charset=us-ascii
On Thu, 17 Jun 2004 13:28:59 +0200, Manuel Bouyer said:
> On Tue, Jun 15, 2004 at 08:42:23AM +0200, Radko Keves wrote:
> > [...]
> >
> > AFFECTED DISTRIBUTIONS:
> > FreeBSD 5.x i386
> > FreeBSD, OpenBSD, NetBSD is most likely also affected (investigation needed)
>
> NetBSD is not, a LKM can't be loaded if securelevel is > 0.
Note *very* carefully the fact that the statement "you can't load a LKM" is not
totally identical to "you can't cause an LKM to be in the kernel".
Hunt down the Phrack article on loading an LKM into a Linux kernel *that
doesn't even have module support*, and ask yourself if you're quite as sure
that there is *zero* vulnerability there....
--==_Exmh_1855029643P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFA015DcC3lWbTT17ARAubyAKD1fTG4DYYgh9hMdjpn4WwmPgPX8wCfXyMZ
jPTutJazqXAAsyXGu8GleLc=
=p/5Z
-----END PGP SIGNATURE-----
--==_Exmh_1855029643P--
