Subject: Re: [Full-disclosure] NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure
To: Lubomir Kundrak <lkundrak@redhat.com>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: tech-security
Date: 11/16/2006 13:58:59
On Thu, Nov 16, 2006 at 01:35:43PM +0100, Lubomir Kundrak wrote:
> http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0261.html
Note that the fw nodes are not created by default in /dev.
Also MAKEDEV create them 660 root:operator so you have to be in group
operator to exploit this (unless you change the permissions). In this
case you can also do a lot of other things (like read raw disk devices).
--
Manuel Bouyer <bouyer@antioche.eu.org>
NetBSD: 26 ans d'experience feront toujours la difference
--