Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Operating Systems BSD

FreeBSD Kernel Leak 81

Pine Digital Security announced a FreeBSD kernel leak, found when auditing a customer. The leak can be exploited to panic the server or elevate privileges. FreeBSD swiftly updated CVS, a security advisory will probably follow. Both the -RELEASE branch and -CURRENT branch are vulnerable.
This discussion has been archived. No new comments can be posted.

FreeBSD Kernel Leak

Comments Filter:
  • I just wanted to point this out since whoever
    submitted the article didn't feel it was
    necessary.

    To repeat myself, according to the article, this
    problem does not effect OpenBSD or NetBSD.
    • Its a FreeBSD kernel bug, NetBSD and openBSD use different kernels than FreeBSD.
    • by CoolVibe ( 11466 ) on Monday January 06, 2003 @11:21AM (#5025771) Journal
      Troll.

      Where in the story posting does it say that involves NetBSD and/or OpenBSD? It states clearly that it's a FreeBSD bug. And one that's already fixed in CVS to boot.

    • by jasonditz ( 597385 ) on Monday January 06, 2003 @11:58AM (#5026016) Homepage
      Let me just remind you all that this bug does NOT effect the OS/2 Warp 3.0 kernel.

      I repeat, the OS/2 Warp kernel is not effected!
      • ROFL!

        *wipes coffee that was first in my mouth from screen*

        Thanks...

    • Effect is not a verb -- it's a noun. The word you're looking for is affect.
  • Key Phrase (Score:3, Insightful)

    by Alethes ( 533985 ) on Monday January 06, 2003 @11:14AM (#5025715)
    "FreeBSD swiftly updated CVS"

    I love open-source.
    • Re:Key Phrase (Score:3, Interesting)

      by xA40D ( 180522 )
      "FreeBSD swiftly updated CVS"

      I love open-source.


      Indeed.

      I use FreeBSD_STABLE, I cvsup and recompile once a month. As the STABLE branch is "not vulnerable after 20021111" I'm happy to say I'd closed this particular hole 2 weeks before the FreeBSD authorities team had been informed of it's existance.

    • That is the most important part of this article. Not that a patch is on the way, or that FreeBSD is thinking about fixing the problem, possibly in their next major release.

      The problem is already fixed, and people just need to update themselves now.

    • You did a nice job of writing something that went over most people's heads there :)
  • by phippy ( 176682 ) on Monday January 06, 2003 @12:10PM (#5026090)
    i appreciate postings like this, but as usual, any good discussion about the problem is zero on slashdot.

    every time there is a mention of linux or xBSD or whatever OS having a problem, people who don't use it come out of the woodwork to say "LOOK! It sucks! It's broken! HaHaHa! We Win!".

    how old are you people ? (mentally?)
    no wonder why other tech-based sites have no respect for slashdot discussions.
    • It's mostly becuase most everyone CVSUPd and installed the fix a few weeks back.
    • > how old are you people ? (mentally?)
      > no wonder why other tech-based sites have no respect for slashdot discussions.

      I'd say that that's what's so great about slashdot, its egalitarian nature. Sure, you see many stupid posts (you might say that this post is stupid as well), but the fact that anyone can contribute to slashdot makes this place magical and dynamic; stupid posts are just a minor consequence. And let me ask you; if you think that slashdot is just a morons and idiots get-together, why would you be reading and posting here?
  • by Anonymous Coward
    But then again, who'd want that source anyways?
  • Rackspace (Score:1, Troll)

    by rawg ( 23000 )
    Is this the reason that Rackspace would not let me use FreeBSD on their network 6 months ago? They said that if I use FreeBSD then I will be hacked. Then they pushed RedHad Linux on me.

    To this day, I do not know why they said FreeBSD is insecure at the Kernel.
    • Considering this is a local exploit and so what if you are hacked it's your machine, they also seem to allow FreeBSD on their custom build a server option, so whatever problems they did have with it seem to be gone.
      • They do have it on their custom build. When I built my custom they told me they do not support FreeBSD anymore. This was six months ago. They said there were going to take it off their web site. I got a call from them the other day and they still do not support FreeBSD.
    • Re:Rackspace (Score:5, Informative)

      by xA40D ( 180522 ) on Monday January 06, 2003 @02:17PM (#5026979) Homepage
      if I use FreeBSD then I will be hacked.

      Not exactly a reprasentative poll but...

      I use FreeBSD. I work in an office with 7 other people who all use RedHat. Out of the 8 of us, over the past 2 years, I'm the only one never to have been hacked.

      The job I had before this was with an ISP which used FreeBSD for all their core systems. And in their whole history they had only ever had one FreeBSD system hacked, and that turned out to be an ex-employee who had added his public key to someobody elses authorized_keys file.

    • Re:Rackspace (Score:3, Informative)

      by sbeitzel ( 33479 )
      I have a FreeBSD machine over at Rackspace, and I found out the hard way what they meant. They only support out-of-the-box distributions. So if you cvsup the source and then rebuild your world and kernel, then if anything goes wrong with the system (say, for instance, a disk fries) they won't perform support operations as part of your built-in service fees (since you're not running on a standard configuration). Instead, you'll have to pay a premium for the support.
    • Re:Rackspace (Score:3, Interesting)

      by R.Caley ( 126968 )
      Is this the reason that Rackspace would not let me use FreeBSD on their network 6 months ago?

      The less cynical interpretation is that they don't have the support smarts to support FBSD.

      The cynic in me suggests they have a deal with Red Hat.

      • The cynic in me suggests they have a deal with Red Hat.

        what kind of deal would they have? Something like if Rackspace exclusively uses Redhat, then Rackspace gets free versions of Redhat Linux with full access to the source code? :P
        • The cynic in me suggests they have a deal with Red Hat.

          what kind of deal would they have?

          Cheap support? Millinary vouchers? Penguin guano scrapers?

    • Any time I post anything about Rackspace and their "use FreeBSD and get Hacked" stance, I get labled as a troll.... Why? I just don't get it....
  • What's the point? (Score:3, Insightful)

    by Arandir ( 19206 ) on Monday January 06, 2003 @01:38PM (#5026674) Homepage Journal
    Why was this even posted? First Slashdot posts erroneous stories. Then they start making up stories. Now they post the most trivial of stories.

    "Ho hum. Another slow news day. Let's roll some dice and post a minor random security advisory from some random project and pretend it's news."
  • by edhall ( 10025 ) <slashdot@weirdnoise.com> on Monday January 06, 2003 @01:48PM (#5026748) Homepage

    This is a local vulnerability; it doesn't, in and of itself, make servers vulnerable. Even if someone has a local account on a system, it takes hours of CPU time to perform an exploit.

    It looks like the bug (and the fix) were already announced (and committed to CVS) but that the possibility of using the bug in an exploit was not revealed until now (and might not even have been appreciated by the original reporter).

    -Ed
    • Ya know Ed you da man! I was pretty sure it was local and not the average script kiddie's folly; however, wanting to see how long it took for someone to confirm my drunken belief and now I am way down here in the replies :).

      Begin_Rant

      Too much wah wah FreeBSD, Not OPEN or NET blather to give people, who may need direction and are unfamiliar, the proper support and information they deserve --hats off to you for pointing the truth out.

      Afterall, it's the community spirit being fostered by the BSD and Linux and Open Source Movements that needs to be agressively passed along to the newly initiated cause we all know....

      The DOCUMENTATION SUCKS, so the community needs to make up for it, or we'll all have Borg implants, M$ alarm clocks that don't wake us up for work, microwave ovens that can't cook a decent buttered popcorn, and Oracle poptarts that are still cold out of the toaster.

      Having a choice makes up for small road block which are already fixed and gone.

      Surely some people have a few production servers will probably need to be patched against this due to the service that they provide, but the odds that they'll get caught with their asses hanging out are slim to none and even the slightest of process monitoring would smell that in a hearbeat.

      Any OS needs help out of the box and takes a clear and goal oriented approach to make it secure and tuned in any sense to the mold in which you want it to fit.

      Too bad people would rather speak than what consider what people may want to hear....It obscures the point. I think the post meant well, but was the starting point of a degraded dialogue (minus my $0.02 of course :) )

      End_Rant

      -Quillsta
    • Are you completely sure that no network daemon can be coerced into calling fpathconf() repetitively?
      • The problem isn't calling just calling fpathconf() repetitively. The problem is calling fpathconf() repetitively on a socket or other non-file (which would be a bug in itself). And by "repetitively" I mean at least 2,147,483,648 times on the same file descriptor for a system panic exploit, and exactly 4,294,967,295 times on the same file descriptor (followed by a close()) for the priviledge escalation exploit.

        No network daemon that is part of the FreeBSD base system can be coerced into performing the necessary actions. Grep the source tree yourself (you'll only get a handful of hits) and examine the resulting files if you don't believe me. It's impossible to rule out everything in the ports collection (and the FreeBSD folks are careful not to make any claims regarding them) but it's hard to imagine creating an exploit of greater than theoretical importance using any network server.

        -Ed
  • in other news today, Core [freebsd.org] announced today that they'd be changing the FreeBSD kernel from it's current red colour, to mauve, since it has more RAM [fu-berlin.de].

  • > Although the missing fdrop() call in fpathconf(2) was noticed
    > before by Nakamura Takayuki its impact
    > was severely underestimated.

    As someone noticed before, it looks like a known bug, but until now nobody has really done the check, "hey, what this bug does?".

    Maybe now the FreeBSD Core team knows why they fixed the bug :)

"I am, therefore I am." -- Akira

Working...