tech-security: Re: Bugtraq: procfs hole

Subject: Re: Bugtraq: procfs hole
To: Manuel BOUYER <bouyer@antioche.lip6.fr>
From: Rick Byers <rickb@iaw.on.ca>
List: tech-security
Date: 08/12/1997 15:05:13

I have verified that we are volnerable.  The FreeBSD exploit has to be
significantly modified, but it does work (I tested it under -current and
1.2.1).  I'm taking PROCFS out of all my kernels..

Rick

On Mon, 11 Aug 1997, Manuel BOUYER wrote:

> On Aug 11, der Mouse wrote
> > Is our procfs vulnerable?
> 
> As OpenBSD is, there are grat chances for our to be vulnerable too.
> But I can't test, as I don't configure procfs on any of my machines ...
> However, I think the exploit needs to be adjusted for NetBSD.
> A fix has been proposed in the freebsd-security list, which seems acceptable ...

=========================================================================
Rick Byers                                      Internet Access Worldwide
rickb@iaw.on.ca                                System Admin, Tech Support
Welland, Ontario, Canada                                    (905)714-1400
http://www.iaw.on.ca/rickb/                         http://www.iaw.on.ca/