[Bug 217844] devel/gvfs
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Fri Mar 17 04:38:59 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217844
--- Comment #3 from q5sys <jt at ixsystems.com> ---
I didn't send a BR in to HAL because at this point I dont know what can even be
done. To my knowledge exploit code has not been released, so we'd have to try
to figure out what the exploit is and then fix it.
The only thing I could come up with at the time was 'remove HAL', but I felt
like that request should come from someone more senior than I. Also there's
the issue that if that is done, anything depending on HAL like gvfs would have
to be modified not to use HAL... which is exactly what this BR is about.
I dont want to speak for anyone, but I'm pretty sure that no one really wants
to dig around in HAL to try to discover the problem and patch it consider it's
no longer being maintained on the Linux side. The last patch on the linux side
was 2011 per https://cgit.freedesktop.org/hal/log/
As for if this exploit is viable on FreeBSD, PC-BSD was explicitly stated as
being vulerable, and since PC-BSD was FreeBSD with pre-configured desktops.
TrueOS has diverged from FreeBSD stable since it's based on 12.Current, but the
older PC-BSD versions were in lock step with the FreeBSD stable branches. So
I'd assume, perhaps incorrectly, that if (for example) PC-BSD 10.x with HAL was
vulnerable, that FreeBSD 10.x would be as well... assuming HAL running on that
system.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-gnome
mailing list