tech-security: Re: NetBSD Security Advisory 2000-001

Subject: Re: NetBSD Security Advisory 2000-001
To: Alex <xela@MIT.EDU>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: tech-security
Date: 02/18/2000 20:24:16

  by redmail.netbsd.org with SMTP; 18 Feb 2000 19:36:06 -0000
	by antioche.lip6.fr (8.9.3/8.9.3) with ESMTP id UAA15172;
	Fri, 18 Feb 2000 20:35:57 +0100 (MET)
Date: Fri, 18 Feb 2000 20:24:16 +0100
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
To: Alex <xela@MIT.EDU>
Cc: Daniel Carosone <security-officer@netbsd.org>, tech-security@netbsd.org
Subject: Re: NetBSD Security Advisory 2000-001
Message-ID: <20000218202416.A575@antioche.eu.org>
References: <14505.23693.773699.404104@passion.geek.com.au> <200002180259.VAA16646@mint-square.mit.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <200002180259.VAA16646@mint-square.mit.edu>; from xela@MIT.EDU on Thu, Feb 17, 2000 at 09:59:24PM -0500

On Thu, Feb 17, 2000 at 09:59:24PM -0500, Alex wrote:
> >                  NetBSD Security Advisory 2000-001
> >                  =================================
> > 
> > Topic:		procfs security hole
> > Version:	NetBSD 1.4.1 and prior; NetBSD-current until 20000126
> > Severity:	If the proc filesystem is mounted, any user can become root
> 
> Will this vulnerability be corrected in 1.4.2 before it is released?

Yes, of course. This would be a showstopper for a release.

--
Manuel Bouyer <bouyer@antioche.eu.org>
--