FreeBSD Security Advisory FreeBSD-SA-06:25.kmem

Pawel Jakub Dawidek pjd at FreeBSD.org
Wed Dec 6 06:14:42 PST 2006 

On Wed, Dec 06, 2006 at 02:07:16AM -0800, Colin Percival wrote:
> FreeBSD Security Advisories wrote:
> > FreeBSD-SA-06:25.kmem                                       Security Advisory
> >                                                           The FreeBSD Project
> > ...
> > III. Impact
> > 
> > A user in the "operator" group can read the contents of kernel memory.
> > Such memory might contain sensitive information, such as portions of
> > the file cache or terminal buffers.  This information might be directly
> > useful, or it might be leveraged to obtain elevated privileges in some
> > way; for example, a terminal buffer might include a user-entered
> > password.
> 
> For what it's worth, there was a lot of debate about whether this deserved
> an advisory: Members of the operator group are allowed (by default, at least)
> to read raw disk devices, so being able to read kernel memory really isn't
> very much of a privilege escalation. [...]

Definitely. There always could be a kernel dump on a swap device.
I really see no point at all in such security advisories. Local DoSes
are much more important and we don't publish security advisories for
them, because as we all well know there are many, many such bugs in any
operating system out there and will be just silly to publishing security
advisory for every single local DoS.

> [...] In the end I decided to go ahead with
> this advisory largely because we were already planning on issuing an advisory
> this week (for a far more serious issue in GNU tar), but if a similar issue
> arises next month, we might decide not to bother with an advisory.

That's why IMHO it was a mistake to publish this one, because people can
start depend on the fact that we publish security advisories for such
bugs.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd at FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20061206/61f8d9be/attachment.pgp

More information about the freebsd-security mailing list