Since kkenn is gone for a period of time, should anyone on
security-officer respond publically? Or has this already been done and
I'm behind email..

On Mon, 10 Dec 2001, Alfred Perlstein wrote:

:* Mike Tancsa <mikesentex.net> [011210 12:25] wrote:
:>
:> For those not on bugtraq,
:
:Yah, this needs to be fixed, do note that AIO is not enabled by
:default in FreeBSD and the warning is pretty clear.
:
:Alan, can you take a look at this? I'd really like to get AIO
:enabled by default one of these days. :)
:
:>
:> ---Mike
:>
:> ------------------------------------------------------------------------------
:> Soniq Security Advisory
:> David Rufino <drsoniq.net> Dec 9, 2001
:>
:> Race Condition in FreeBSD AIO implementation
:> http://elysium.soniq.net/dr/tao/tao.html
:> ------------------------------------------------------------------------------
:>
:> RISK FACTOR: LOW
:>
:> SYNOPSIS
:>
:> AIO is a POSIX standard for asynchronous I/O. Under certain conditions,
:> scheduled AIO operations persist after an execve, allowing arbitrary
:> overwrites in the memory of the new process. Combined with the permission
:> to execute suid binaries, this can yield elevated priviledges.
:> Currently VFS_AIO is not enabled in the default FreeBSD kernel config,
:> however comments in ``LINT'' suggest security issues have been known about
:> privately for some time:
:>
:> # Use real implementations of the aio_* system calls. There are numerous
:> # stability issues in the current aio code that make it unsuitable for
:> # inclusion on shell boxes.
:
:To Unsubscribe: send mail to majordomoFreeBSD.org
:with "unsubscribe freebsd-security" in the body of the message
:

--
Andrew R. Reiter
arrwatson.org
arrFreeBSD.org
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]