<<< Date Index >>>     <<< Thread Index >>>

Re: OpenBSD kernel holes ...



> I may be wrong here, but I don't think that any of the kern.emul.*
> executable emulations are actually enabled on a default install. I have
> installed openbsd in environments requiring one of these since 3.2 and
> have had to specifically enable them every time. COMPAT_* are compiled in
> the default kernel, but are turned of via sysctl in the default install.

this exploit will get you uid=0 in all default installs starting from 2.6
upto and including 3.3. i have personally tested 2.6, 3.0, 3.1, 3.2, 3.3
on vmware (since i cann't effort to waste real hardware on openbsd.)

> that matter. IMHO, the slogan should be "More secure by default".

IMHO, the slogan should be "Less secure than claimed".

>
> This does fall under reliability fix category, though, since it isn't really
> a security issue, the bug puts the system into one of its most secure states:
> halted. Well, that is as long as youve disabled the kdb, which you should have
> on a production box.

this so true for OpenBSD. yes its most secure state is: halted.

- noir