> From: Ollivier Robert <robertoat_private> > Subject: Re: FreeBSD (and other BSDs?) local root explot > > According to Todd C. Miller: > > that one of the FreeBSD guys was recently working on incorporating > > changes from the OpenBSD fts.c. I don't see the relevant change in > > FreeBSD-current though. > It has been committed to all three branches, 4.0-CURRENT, 3.2-STABLE and > even 2.2-STABLE. > Log: > Don't follow symlinks on coredumps and ktrace. This does not fix the bug in fts.c. I believe that this bug can be exploited to gain root privileges in other way than overwriting files with a core. I still have not exploit, so this is theoretical problem only. But many people like "to make theoretical practical" :) \bye Stas
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:01:08 PDT