Contributed by jose on from the ibcs-compat-overflow dept.
It may be possible for a local user to overrun the stack in compat_ibcs2(8). ProPolice catches this, turning a potential privilege escalation into a denial of service. iBCS2 emulation does not need to be enabled via sysctl(8) for this to happen.For 3.3, Patch 011 for i386 has been released to address the problem. Note that there is no ProPolice in the kernel on i386 for the 3.3 release, so it can be used to escalate privileges there. An exploit has been openly circulated, by the way.
Thanks to everyone who worked on this patch.
(Comments are closed)
By gwyllion () on
By gwyllion () on
Comments
By jose () on http://monkey.org/~jose/
that or i have some form of dyslexia.
thanks though ... fixed.
By Anonymous Coward () on
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
By Anonymous Coward () on
By Anonymous Coward () on
Oh yeah, congrats on being able to type one command that was written by some other guy. You are my new super-1337-ichiban-h@x0r#1-idol now.
Comments
By Anonymous Coward () on
By Deluxe () on
Comments
By Anonymous Coward () on
Comments
By Wouter () on
Comments
By Anonymous Coward () on
Comments
By Anthony () on
It could be because of the "BSD is dying" trolls. :)
By Henning () henning@ on mailto:henning@
3.4 has ProPolice porrotected kernels as well (except for the install media)
By Chris Humphries () chris@unixfu.net on http://unixfu.net/
to halfass quote a line from swingers, "it is a bunny, a little cute bunny, and you are this bear, this bear with huge craws!".
alot of the propaganda seems to inhibit people's mindset in thinking that it is secure and there is no way, they are little ol' programmer can break into it and find holes that other obviously more competent and skilled programmers would have missed or not looked for.
at least it is a first step. dont let the propaganda ruin your mind. there are plenty of holes in everything, just gotta find them, and openbsd is no exception :D
Comments
By tony () tony@libpcap.net on mailto:tony@libpcap.net
By Anonymous Coward () on
http://www.microsoft|redhat.com.
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
why don't you just like, hmm, go away ?
By djm () on
Anyway, thanks Noir for auditing our kernel for us. Please keep sending your bug reports :)
Comments
By Anonymous Coward () on
Comments
By gwyllion () on
Sorry, but I think you should blame Georgi Guninski, because in his advisory he calls this bug an OpenBSD kernel panic and states that >
In a later message to full-disclosure he thinks it might be exploitable: >
Only yesterday it was announced by noir that this bug is exploitable: "it is the second one he squashed in the last 2-3 weeks without even understanding that the first one is exploitable doh! ..." The exploitation technique is new and noir will release a paper on kmem allocator (kernel heap) overflows: "i will be releasing a paper regarding kmem allocator (heap) overflows in kernel space and exploit for patch 005 will be in its content." and "i have only release the stack based exploit since there is nothing new in the technique but the heap technique deserves more explanation and attention than an exploit post ..."
I'm sure that patch 005 will be labeled as a security fix instead of a reliability issue very soon (e.g. when noir releases more details).
By gwyllion () on
Retry (sorry for bad html)
Sorry, but I think you should blame Georgi Guninski, because in his advisory he calls this bug an OpenBSD kernel panic and states that >
In a later message to full-disclosure he thinks it might be exploitable: >
Only yesterday it was announced by noir that this bug is exploitable: "it is the second one he squashed in the last 2-3 weeks without even understanding that the first one is exploitable doh! ..." The exploitation technique is new and noir will release a paper on kmem allocator (kernel heap) overflows: "i will be releasing a paper regarding kmem allocator (heap) overflows in kernel space and exploit for patch 005 will be in its content." and "i have only release the stack based exploit since there is nothing new in the technique but the heap technique deserves more explanation and attention than an exploit post ..."
I'm sure that patch 005 will be labeled as a security fix instead of a reliability issue very soon (e.g. when noir releases more details).
By gwyllion () on
Retry #2 (sorry for bad html)
Sorry, but I think you should blame Georgi Guninski, because in his advisory he calls this bug an OpenBSD kernel panic and states that By executing a specially crafted binary it is possible to cause kernel panic on at least OpenBSD 3.3 and 2.8.
In a later message to full-disclosure he thinks it might be exploitable: After playing with the obsd kernel debugger i am not sure this is not exploitable.
Only yesterday it was announced by noir that this bug is exploitable: it is the second one he squashed in the last 2-3 weeks without even understanding that the first one is exploitable doh! ... The exploitation technique is new and noir will release a paper on kmem allocator (kernel heap) overflows: i will be releasing a paper regarding kmem allocator (heap) overflows in kernel space and exploit for patch 005 will be in its content. and i have only release the stack based exploit since there is nothing new in the technique but the heap technique deserves more explanation and attention than an exploit post ...
I'm sure that patch 005 will be labeled as a security fix instead of a reliability issue very soon (e.g. when noir releases more details).
By Anonymous Coward () on
OK. If you are so sure of what you are saying, why don't you just generate such a list and publish it? Until you do, everything you say has to be taken with a "grain of salt" ...
At least the OpenBSD group is trying. They never promised a 100% secure operating system, just something they'll try to secure.
By tony () tony@libpcap.net on mailto:tony@libpcap.net
do you really have this much free time?
Comments
By Anonymous Coward () on
By Anonymous Coward () on
OpenBSD priorities:
1) marketing
2) preserving image through lies
...
999) security
Comments
By Dunceor () on
By Anonymous Coward () on
I've got one for you... there is an unpublished remote root exploit in linux. Now go prove it doesn't exist. (sounds stupid doesn't it, but thats just what your're asking us to do)
Until the exploit is published or there is evidence of breakins, you're just talking about hearsay, which doesn't amount to crap.
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
This gets said all the time, and still no one has stood up with a hand big enough to hold all the developer's asses.
By Anonymous Coward () on
Comments
By Anonymous Coward () on
Just like your various rants throughout this story!
We have so much in common, let's make out.
By tedu () on
Comments
By Anonymous Coward () on
Comments
By Dunceor () on
Give us evidence of patches that hasn't been followed by an advisory?
Comments
By Anonymous Coward () on
backported to 3.3 and no announcement?
By Anonymous Coward () on
I dont get from where you took these ``propagand'' crap, since I cant find it under openbsd.org. Perhaps you are talking about some openbsd users, but mind you it happens everywhere.
Now we can back to our know agenda, since no one stated the war was over.
By Anonymous Coward () on
wasent it serious enough to get a fix or is it still beeing worked on?
Comments
By gwyllion () on
Ask ho@ if this will be included in 3.4-stable.
Comments
By gwyllion () on
By Anonymous Coward () on
The reason I say this is because otherwise these things might go unnoticed. We still need the black hats.
OpenBSD courts this sort of problem by claiming to be the most `proactivly` secure OS. THAT is a red flag to a bull .. er.. cracker.
That chip-on-their-shoulder might make them offensive but if you want improved security you have to take the rough with the smooth.
Opponants of OpenBSD take great delight in any minor damage they can inflict, because it is OpenBSD, they will not disclose these problems publicly.
Hell, if so many peoples OpenBSD boxes were being 0wn3d then more sys-admins would be kicking off about it publicly and not doing a quiet switch.