Bugtraq mailing list archives

Re: OpenBSD kernel holes ...
From: noir () uberhax0r net
Date: Tue, 18 Nov 2003 18:52:31 -0500 (EST)


I may be wrong here, but I don't think that any of the kern.emul.*
executable emulations are actually enabled on a default install. I have
installed openbsd in environments requiring one of these since 3.2 and
have had to specifically enable them every time. COMPAT_* are compiled in
the default kernel, but are turned off via sysctl in the default install.

this exploit will get you uid=0 in all default installs starting from 2.6
up to and including 3.3. i have personally tested 2.6, 3.0, 3.1, 3.2, 3.3
on vmware (since i can't afford to waste real hardware on openbsd.)

that matter. IMHO, the slogan should be "More secure by default".

IMHO, the slogan should be "Less secure than claimed".


This does fall under reliability fix category, though, since it isn't really
a security issue, the bug puts the system into one of its most secure states:
halted. Well, that is as long as you've disabled the kdb, which you should have
on a production box.

this is so true for OpenBSD. yes its most secure state is: halted.

- noir


