
Submission + - FreeBSD trivial ROOT, first on 6.X, now on 7.X

udippel writes: The Register made some headlines first, scary. There is a video that demos how to compile a small program; or upload it to your unprivileged shell, or exploit some scripting on a web server to get some shell, for example the one needed to send out mail, and off you go. Since it is the exploit of a race condition, the whole system could as well crash or hang. In its article, The Register still says "Versions 7.1 and beyond are not vulnerable". Just one day later, the author uploaded another video, demonstrating the whole process another time, this time for FreeBSD 7.2.
Scary. I start to question FOSS, and wonder, how few cold eyes have reviewed this code, overlooking a NULL-dereference plus a race condition.
Icing on the cake: Przemyslaw Frasunek, who discovered the misery, duly informed FreeBSD on August 29th; but his message, according to the FreeBSD guys, "got lost in the slew".
Is this the kind of OS we will gladly recommend for security-related applications?
