mailing list archives
Re: [Full-Disclosure] Re: Full-disclosure digest, Vol 1 #2093 - 36 msgs
From: Dan Margolis <krispykringle () gentoo org>
Date: Thu, 02 Dec 2004 16:24:10 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Randall Craig wrote:
On Thu, 2 Dec 2004 10:58:02 -0600, Randall Craig <rgcraig () gmail com> wrote:
Ok I am super duper new to this list and also new to *nix... i will
never go back to M$ ceptin for gaming purposes... I am running on OS
X.3.3 and was wanting to know if the Security Alert pertaining to
FreeBSD would also affect my system. I know that BSD is running
underneath OS X... I am fairly sure that Apple is aware of it by
No. When people comment that OSX runs on BSD, they don't mean that OSX
actually runs a FreeBSD kernel. It does not (it runs XNU, based on Mach
but incorporating BSD code). Read
[http://www.kernelthread.com/mac/osx/arch_xnu.html] for more information.
Specifically regarding this vulnerability, MacOSX does not have procfs
(/proc on systems that have it), so it's hard to imagine that it is
subject to this vulnerability.
On a side-note, Apple is pretty tightlipped about vulnerabilities (much
the way Microsoft used to be, though they *seem* to be learning their
lesson, from what I've heard). Apple should follow the lead set by other
vendors and recognize that once a vulnerability is public, the
responsible path is to acklowedge and publish workarounds or fixes, not
deny the problem until a final solution is available.
Dan "KrispyKringle" Margolis
Security Coordinator/Audit Project, Gentoo Linux
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.