version 1.79, 1998/02/19 22:03:22 |
version 1.80, 1998/02/21 00:42:37 |
|
|
<p> |
<p> |
<a name=mmap></a> |
<a name=mmap></a> |
<li><strong><font color=#009000>SECURITY FIX</strong></font><br> |
<li><strong><font color=#009000>SECURITY FIX</strong></font><br> |
If you rely on the system securelevels as described in init(8), you |
A bug in the vm system permits a file descriptor opened read-only on a |
will want this fix. A bug in the vm system permits a file descriptor |
device, to later on be mmap(2)'d read-write, and then modified. This |
opened read-only on a device, to later on be mmap(2)'d read-write, and |
does not result in a security hole by itself, but it does violate the |
then modified. This does not result in a security hole by itself, but |
safety semantics which securelevels are supposed to provide. If a user |
it does violate the safety semantics which securelevels are supposed to |
manages to gain kmem group permissions, using this problem they can then |
provide. If a user manages to gain kmem group permissions, using this |
gain root trivially and/or turn securelevels off. |
problem they can then gain root trivially. |
|
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/vm_mmap.patch> |
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/vm_mmap.patch> |
A kernel patch is available which corrects this behaviour (this is |
A kernel patch is available which corrects this behaviour (this is |
revision 2 of this patch)</a>. |
revision 2 of this patch)</a>. |
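Review bot: The 1.80 wording of the mmap entry drops the opening sentence "If you rely on the system securelevels as described in init(8), you will want this fix", and with it the only pointer to init(8) and the only statement of who is affected. The paragraph still relies on the term "securelevels" twice, so keep the cross-reference, for example "securelevels (see init(8))" at the first mention. In the added ending, "and/or turn securelevels off" would read more cleanly as "or turn securelevels off". Unchanged on both sides but worth fixing in the same commit: the closing tags of the SECURITY FIX label are in the wrong order (strong is closed before font), and the link wraps the whole sentence about the patch rather than a short anchor text.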