Re: OpenBSD kernel holes ...

To: Coleman Kane <cokane@xxxxxxxxxx>
Subject: Re: OpenBSD kernel holes ...
From: noir@xxxxxxxxxxxxx
Date: Tue, 18 Nov 2003 18:52:31 -0500 (EST)
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <20031118205626.GA50073@xxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

> I may be wrong here, but I don't think that any of the kern.emul.*
> executable emulations are actually enabled on a default install. I have
> installed openbsd in environments requiring one of these since 3.2 and
> have had to specifically enable them every time. COMPAT_* are compiled in
> the default kernel, but are turned of via sysctl in the default install.

this exploit will get you uid=0 in all default installs starting from 2.6
upto and including 3.3. i have personally tested 2.6, 3.0, 3.1, 3.2, 3.3
on vmware (since i cann't effort to waste real hardware on openbsd.)

> that matter. IMHO, the slogan should be "More secure by default".

IMHO, the slogan should be "Less secure than claimed".

>
> This does fall under reliability fix category, though, since it isn't really
> a security issue, the bug puts the system into one of its most secure states:
> halted. Well, that is as long as youve disabled the kdb, which you should have
> on a production box.

this so true for OpenBSD. yes its most secure state is: halted.

- noir

References:
- Re: OpenBSD kernel holes ...
  - From: Coleman Kane

Prev by Date: FW: Security researchers organization
Next by Date: Re: Apple Safari 1.1 (v100)
Previous by thread: Re: OpenBSD kernel holes ...
Next by thread: Re: OpenBSD kernel holes ...
Index(es):
- Date
- Thread