> If lsof is installed setgid kmem, it shouldn't gain any privileges to
> overwrite something to gain root access. At worst, it should only be
> possible to read things in kernel memory that ordinary users shouldn't
> have access to (I suppose this might include a password in a tty buffer
> if the cracker got really lucky).

In the past some OSes have had problems whereby even though kmem was read-only, you could use mmap() to obtain write access to it. Although this is (hopefully) fixed everywhere now, it would have been a good example of how to get instant root with this bug. See http://www.openbsd.org/advisories/mmap

I would say that read access alone is enough however...

- Oliver
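As an added audit helper (not part of the thread above), the two checks a defender would run after reading this exchange: which binaries on a system are setgid to a given group such as kmem, and what mode the kernel memory device nodes actually carry. The directory, group name and the use of GNU stat's -c format are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# List regular files under a directory tree that carry the setgid bit and
# belong to the named group (e.g. kmem). Each hit is a binary that gets
# group kmem's access to /dev/kmem when run by any user.
# Usage: find_setgid_for_group /usr/sbin kmem
find_setgid_for_group() {
    dir=$1
    grp=$2
    # -perm -2000: setgid bit set; -type f: regular files only;
    # -xdev: do not cross into other mounted filesystems.
    find "$dir" -xdev -type f -perm -2000 -group "$grp" 2>/dev/null
}

# Report owner, group and mode of the kernel memory device nodes. The
# exposure of a setgid-kmem binary depends on whether the group has only
# read access to these nodes or also write access (GNU stat assumed).
kmem_device_modes() {
    for dev in /dev/kmem /dev/mem /dev/port; do
        [ -e "$dev" ] || continue
        # %n name, %a octal mode, %U owner, %G group
        stat -c '%n %a %U:%G' "$dev"
    done
}
```

A group-writable mode on /dev/kmem or /dev/mem (e.g. 660 with group kmem) means any setgid-kmem binary is worth a closer look, whatever its documented purpose.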
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:35:46 PDT