Security

Submission: FreeBSD trivial ROOT, first on 6.X, now on 7.X (theregister.co.uk)

udippel writes: The Register made some headlines [theregister.co.uk] first, scary. There is a video [vimeo.com] that demos how to compile a small program; or upload it to your unprivileged shell, or exploit some scripting on a web server to get some shell, for example the one needed to send out mail, and off you go. Since it is the exploit of a race condition, the whole system could as well crash or hang. In its article, The Register still says "Versions 7.1 and beyond are not vulnerable". Just one day later, the author uploaded another video [vimeo.com], demonstrating the whole process another time, this time for FreeBSD 7.2.
Scary. I start to question FOSS, and wonder, how few cold eyes have reviewed this code, overlooking a NULL-dereference plus a race condition.
Icing on the cake: Przemyslaw Frasunek, who discovered the misery, duly informed FreeBSD on August 29th; but his message, according to the FreeBSD guys, "got lost in the slew".
Is this the kind of OS we will gladly recommend for security-related applications?
