[32482] in bugtraq
Re: OpenBSD kernel holes ...
daemon@ATHENA.MIT.EDU (noir@uberhax0r.net)
Wed Nov 19 13:05:41 2003
Date: Tue, 18 Nov 2003 18:52:31 -0500 (EST)
From: noir@uberhax0r.net
To: Coleman Kane <cokane@cokane.org>
Cc: bugtraq@securityfocus.com
In-Reply-To: <20031118205626.GA50073@blah.home.int>
Message-ID: <Pine.GSO.4.44.0311181847400.2387-100000@sodom.uberhax0r.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
> I may be wrong here, but I don't think that any of the kern.emul.*
> executable emulations are actually enabled on a default install. I have
> installed openbsd in environments requiring one of these since 3.2 and
> have had to specifically enable them every time. COMPAT_* are compiled in
> the default kernel, but are turned of via sysctl in the default install.
this exploit will get you uid=0 in all default installs starting from 2.6
upto and including 3.3. i have personally tested 2.6, 3.0, 3.1, 3.2, 3.3
on vmware (since i cann't effort to waste real hardware on openbsd.)
> that matter. IMHO, the slogan should be "More secure by default".
IMHO, the slogan should be "Less secure than claimed".
>
> This does fall under reliability fix category, though, since it isn't really
> a security issue, the bug puts the system into one of its most secure states:
> halted. Well, that is as long as youve disabled the kdb, which you should have
> on a production box.
this so true for OpenBSD. yes its most secure state is: halted.
- noir
