| version 1.77, 1998/02/19 13:49:00 |
version 1.78, 1998/02/19 21:35:44 |
|
|
| opened read-only on a device, to later on be mmap(2)'d read-write, and |
opened read-only on a device, to later on be mmap(2)'d read-write, and |
| then modified. This does not result in a security hole by itself, but |
then modified. This does not result in a security hole by itself, but |
| it does violate the safety semantics which securelevels are supposed to |
it does violate the safety semantics which securelevels are supposed to |
| provide. |
provide. If a user manages to gain kmem group permissions, using this |
| |
problem they can then gain root trivially. |
| <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/vm_mmap.patch> |
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/vm_mmap.patch> |
| A kernel patch is available which corrects this behaviour</a>. |
A kernel patch is available which corrects this behaviour</a>. |
| <p> |
<p> |
![[BACK]](/icons/back.gif){kind=icon}
Return to errata.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www