Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: [Full-Disclosure] Re: Full-disclosure digest, Vol 1 #2093 - 36 msgs
From: Dan Margolis <krispykringle () gentoo org>
Date: Thu, 02 Dec 2004 16:24:10 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Randall Craig wrote:
On Thu, 2 Dec 2004 10:58:02 -0600, Randall Craig <rgcraig () gmail com> wrote:
 Ok I am super duper new to this list and also new to *nix... i will
 never go back to M$ ceptin for gaming purposes... I am running on OS
 X.3.3 and was wanting to know if the Security Alert pertaining to
 FreeBSD would also affect my system. I know that BSD is running
 underneath OS X... I am fairly sure that Apple is aware of it by
 now-.
 thnx

No. When people comment that OSX runs on BSD, they don't mean that OSX
actually runs a FreeBSD kernel. It does not (it runs XNU, based on Mach
but incorporating BSD code). Read
[http://www.kernelthread.com/mac/osx/arch_xnu.html] for more information.

Specifically regarding this vulnerability, MacOSX does not have procfs
(/proc on systems that have it), so it's hard to imagine that it is
subject to this vulnerability.

On a side-note, Apple is pretty tightlipped about vulnerabilities (much
the way Microsoft used to be, though they *seem* to be learning their
lesson, from what I've heard). Apple should follow the lead set by other
vendors and recognize that once a vulnerability is public, the
responsible path is to acklowedge and publish workarounds or fixes, not
deny the problem until a final solution is available.

Dan
- --
Dan "KrispyKringle" Margolis
Security Coordinator/Audit Project, Gentoo Linux
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iQEVAwUBQa+H+rDO2aFJ9pv2AQJbyQf8DcnBTOQdpqfZSRPIAaW/g/FE+/YYJFAG
AqHovG9SJ9JGVmzLW+3fFWXSqevzaxmIkaj/WzSDxDFb9MD4H9jwGdFD7AXyHTFS
go5c0t8r7auNrwhwxJiiJyyH3Y3rBAJQqJyRNFlRt7qL8rCG2Hzo1u1Yvrm6tcHG
KxJ2XU3EqavBghT9iQXVTcOTf66e6MzTrOI0c/xffcvjAu2XTyXXNnsj0wloTv04
JqdenT/SfLe0LowY6cpT2p1W0r/x5UkU2jlaTxkvmNvDbKsuvhMBX5CRw9QZv/pj
v72fjnpIoMPQ+WM6ykk06b6T5c0+tAXV0IGoRoddLibZsJM+bBbdSQ==
=RjMr
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]