===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.79
retrieving revision 1.80
diff -u -r1.79 -r1.80
--- www/errata.html 1998/02/19 22:03:22 1.79
+++ www/errata.html 1998/02/21 00:42:37 1.80
@@ -65,13 +65,12 @@
SECURITY FIX
-If you rely on the system securelevels as described in init(8), you
-will want this fix. A bug in the vm system permits a file descriptor
-opened read-only on a device, to later on be mmap(2)'d read-write, and
-then modified. This does not result in a security hole by itself, but
-it does violate the safety semantics which securelevels are supposed to
-provide. If a user manages to gain kmem group permissions, using this
-problem they can then gain root trivially.
+A bug in the vm system permits a file descriptor opened read-only on a
+device, to later on be mmap(2)'d read-write, and then modified. This
+does not result in a security hole by itself, but it does violate the
+safety semantics which securelevels are supposed to provide. If a user
+manages to gain kmem group permissions, using this problem they can then
+gain root trivially and/or turn securelevels off.
A kernel patch is available which corrects this behaviour (this is
revision 2 of this patch).
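Review bot: the rewritten paragraph (the + lines) drops the opening sentence that pointed readers to init(8), yet it still uses the term "securelevels" twice without saying where they are defined. Keep the cross-reference, for example "the safety semantics which securelevels (see init(8)) are supposed to provide". The sentence "This does not result in a security hole by itself" now sits directly before "gain root trivially and/or turn securelevels off", which reads as contradictory. Stating the precondition first (a user who already holds kmem group permissions) and then the consequence would make the severity clearer. The comma after "device" in "opened read-only on a device, to later on be" is carried over from the old text and can go.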
@@ -254,7 +253,7 @@
www@openbsd.org
-
$OpenBSD: errata.html,v 1.79 1998/02/19 22:03:22 deraadt Exp $
+
$OpenBSD: errata.html,v 1.80 1998/02/21 00:42:37 deraadt Exp $