| version 1.79, 1998/02/19 22:03:22 |
version 1.80, 1998/02/21 00:42:37 |
|
|
| <p> |
<p> |
| <a name=mmap></a> |
<a name=mmap></a> |
| <li><strong><font color=#009000>SECURITY FIX</strong></font><br> |
<li><strong><font color=#009000>SECURITY FIX</strong></font><br> |
| If you rely on the system securelevels as described in init(8), you |
A bug in the vm system permits a file descriptor opened read-only on a |
| will want this fix. A bug in the vm system permits a file descriptor |
device, to later on be mmap(2)'d read-write, and then modified. This |
| opened read-only on a device, to later on be mmap(2)'d read-write, and |
does not result in a security hole by itself, but it does violate the |
| then modified. This does not result in a security hole by itself, but |
safety semantics which securelevels are supposed to provide. If a user |
| it does violate the safety semantics which securelevels are supposed to |
manages to gain kmem group permissions, using this problem they can then |
| provide. If a user manages to gain kmem group permissions, using this |
gain root trivially and/or turn securelevels off. |
| problem they can then gain root trivially. |
|
| <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/vm_mmap.patch> |
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/vm_mmap.patch> |
| A kernel patch is available which corrects this behaviour (this is |
A kernel patch is available which corrects this behaviour (this is |
| revision 2 of this patch)</a>. |
revision 2 of this patch)</a>. |
![[BACK]](/icons/back.gif){kind=icon}
Return to errata.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www