Full Disclosure mailing list archives
Re: [Full-Disclosure] Re: Full-disclosure digest, Vol 1 #2093 - 36 msgs
From: Dan Margolis <krispykringle () gentoo org>
Date: Thu, 02 Dec 2004 16:24:10 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Randall Craig wrote:
On Thu, 2 Dec 2004 10:58:02 -0600, Randall Craig <rgcraig () gmail com> wrote: Ok I am super duper new to this list and also new to *nix... i will never go back to M$ ceptin for gaming purposes... I am running on OS X.3.3 and was wanting to know if the Security Alert pertaining to FreeBSD would also affect my system. I know that BSD is running underneath OS X... I am fairly sure that Apple is aware of it by now-. thnx
No. When people comment that OSX runs on BSD, they don't mean that OSX actually runs a FreeBSD kernel. It does not (it runs XNU, based on Mach but incorporating BSD code). Read [http://www.kernelthread.com/mac/osx/arch_xnu.html] for more information. Specifically regarding this vulnerability, MacOSX does not have procfs (/proc on systems that have it), so it's hard to imagine that it is subject to this vulnerability. On a side-note, Apple is pretty tightlipped about vulnerabilities (much the way Microsoft used to be, though they *seem* to be learning their lesson, from what I've heard). Apple should follow the lead set by other vendors and recognize that once a vulnerability is public, the responsible path is to acklowedge and publish workarounds or fixes, not deny the problem until a final solution is available. Dan - -- Dan "KrispyKringle" Margolis Security Coordinator/Audit Project, Gentoo Linux -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iQEVAwUBQa+H+rDO2aFJ9pv2AQJbyQf8DcnBTOQdpqfZSRPIAaW/g/FE+/YYJFAG AqHovG9SJ9JGVmzLW+3fFWXSqevzaxmIkaj/WzSDxDFb9MD4H9jwGdFD7AXyHTFS go5c0t8r7auNrwhwxJiiJyyH3Y3rBAJQqJyRNFlRt7qL8rCG2Hzo1u1Yvrm6tcHG KxJ2XU3EqavBghT9iQXVTcOTf66e6MzTrOI0c/xffcvjAu2XTyXXNnsj0wloTv04 JqdenT/SfLe0LowY6cpT2p1W0r/x5UkU2jlaTxkvmNvDbKsuvhMBX5CRw9QZv/pj v72fjnpIoMPQ+WM6ykk06b6T5c0+tAXV0IGoRoddLibZsJM+bBbdSQ== =RjMr -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [Full-Disclosure] Re: Full-disclosure digest, Vol 1 #2093 - 36 msgs Randall Craig (Dec 02)
- Re: [Full-Disclosure] Re: Full-disclosure digest, Vol 1 #2093 - 36 msgs Dan Margolis (Dec 02)
- Re: [Full-Disclosure] Re: Full-disclosure digest, Vol 1 #2093 - 36 msgs Danny (Dec 02)
- Re: [Full-Disclosure] Re: Full-disclosure digest, Vol 1 #2093 - 36 msgs Andrew Farmer (Dec 02)
- Re: MacOSX -FreeBSD Stephen Menard (Dec 04)
- Re: MacOSX -FreeBSD Stephen Menard (Dec 04)
- Re: MacOSX -FreeBSD Stephen Menard (Dec 04)
- Re: MacOSX -FreeBSD Stephen Menard (Dec 04)