Security

Submission + - FreeBSD trivial ROOT, first on 6.X, now on 7.X (theregister.co.uk)

udippel writes: The Register made some headlines [theregister.co.uk] first, scary. There is a video [vimeo.com] that demos how to compile a small program; or upload it to your unprivileged shell, or exploit some scripting on a web server to get some shell, for example the one needed to send out mail, and off you go. Since it is the exploit of a race condition, the whole system could as well crash or hang. In its article, The Register still says "Versions 7.1 and beyond are not vulnerable". Just one day later, the author uploaded another video [vimeo.com], demonstrating the whole process another time, this time for FreeBSD 7.2.
Scary. I start to question FOSS, and wonder, how few cold eyes have reviewed this code, overlooking a NULL-dereference plus a race condition.
Icing on the cake: Przemyslaw Frasunek, who discovered the misery, duly informed FreeBSD on August 29th; but his message, according to the FreeBSD guys, "got lost in the slew".
Is this the kind of OS we will gladly recommend for security-related applications?
