version 1.77, 1998/02/19 13:49:00 |
version 1.78, 1998/02/19 21:35:44 |
|
|
opened read-only on a device, to later on be mmap(2)'d read-write, and |
opened read-only on a device, to later on be mmap(2)'d read-write, and |
then modified. This does not result in a security hole by itself, but |
then modified. This does not result in a security hole by itself, but |
it does violate the safety semantics which securelevels are supposed to |
it does violate the safety semantics which securelevels are supposed to |
provide. |
provide. If a user manages to gain kmem group permissions, using this |
|
problem they can then gain root trivially. |
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/vm_mmap.patch> |
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/vm_mmap.patch> |
A kernel patch is available which corrects this behaviour</a>. |
A kernel patch is available which corrects this behaviour</a>. |
<p> |
<p> |