Re: Freebsd FD exploit

["Jacques A. Vidrine" <nectar () FreeBSD org>]

On Sun, Aug 18, 2002 at 09:01:13PM -0400, dvdman wrote:
> /* Proof Of Concept exploit for the Freebsd file descriptors bug. Freebsd 
> thought they fixed this months ago well guess again :P Thanks to the 
> Freebsd kernel you may now enjoy local root on all freebsd <=4.6 ;) */
[...]
> And Freebsd thought they fixed this :P

Well, it _is_ fixed, as of July 30.


[...]
> thanks Georgi Guninski for ideas
[...]
> Several months ago Joost Pol <joost () pine nl> made public almost the same
> problem. FreeBSD fixed it, but the patch does not cover all the cases.
[...]
> PROOF:
> [dvdman@xxxx:~]$ uname -a
> FreeBSD xxx.xx 4.6-STABLE FreeBSD 4.6-STABLE #1: Sat Jul27 20:16:20 GMT 2002     dvdman@xxxx:/usr/obj/usr/src/sys/xxx 
>  i386

Yes, there was a case missed.  Georgi caught it and let us know about
it (thanks, Georgi!), and it was repaired around 2002-07-30 15:40:46
UTC in all branches.  We released an updated advisory around then, as
well.

Cheers,
-- 
Jacques A. Vidrine <n () nectar cc>                 http://www.nectar.cc/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine () verio net     .  nectar () FreeBSD org  .          nectar () kth se