Re: The insecurity of OpenBSD

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: John Jackson

Date: Friday, January 22, 2010 - 10:54 am

On Fri, Jan 22, 2010 at 10:56:14AM +0800, Zamri Besar wrote:
quoted text> The insecurity of OpenBSD
> http://allthatiswrong.wordpress.com/2010/01/20/the-insecurity-of-openbsd/
> 
> -zamri-

Sometimes the "add-on" security enhancements directly weaken system
security:

http://www.milw0rm.com/exploits/9191

"""
   Bypassing the null ptr dereference protection in the mainline kernel
   via two methods ->
     if SELinux is enabled, it allows pulseaudio to map at 0
     UPDATE: not just that, SELinux lets any user in unconfined_t map at
     0, overriding the mmap_min_addr restriction!  pulseaudio is not
     needed at all!  Having SELinux enabled actually *WEAKENS* system
     security for these kinds of exploits!
"""


John

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

The insecurity of OpenBSD, Zamri Besar, (Thu Jan 21, 7:56 pm)

Re: The insecurity of OpenBSD, STeve Andre', (Thu Jan 21, 8:13 pm)

Re: The insecurity of OpenBSD, Aaron Mason, (Thu Jan 21, 8:47 pm)

Re: The insecurity of OpenBSD, Eric Furman, (Thu Jan 21, 8:57 pm)

Re: The insecurity of OpenBSD, Dan Harnett, (Thu Jan 21, 10:35 pm)

Re: The insecurity of OpenBSD, Marco Peereboom, (Fri Jan 22, 6:22 am)

Re: The insecurity of OpenBSD, Brad Tilley, (Fri Jan 22, 6:51 am)

Re: The insecurity of OpenBSD, Dan Harnett, (Fri Jan 22, 10:13 am)

Re: The insecurity of OpenBSD, Scott Learmonth, (Fri Jan 22, 10:38 am)

Re: The insecurity of OpenBSD, John Jackson, (Fri Jan 22, 10:54 am)

Re: The insecurity of OpenBSD, Marc Espie, (Fri Jan 22, 11:15 am)

Re: The insecurity of OpenBSD, J Sisson, (Fri Jan 22, 11:27 am)

Re: The insecurity of OpenBSD, Chris Bennett, (Fri Jan 22, 11:47 am)

Re: The insecurity of OpenBSD, ropers, (Fri Jan 22, 3:39 pm)

Re: The insecurity of OpenBSD, Scott McEachern, (Fri Jan 22, 4:01 pm)

Re: The insecurity of OpenBSD, Steve Shockley, (Fri Jan 22, 5:02 pm)

Re: The insecurity of OpenBSD, Jordi Espasa Clofent, (Mon Jan 25, 10:26 am)

Re: The insecurity of OpenBSD, Anathae E. Townsend, (Sat Jan 30, 6:28 pm)


linux-kernel:
Fortier,Vincent [Montreal]	2.6.21.5 june 30th to july 1st date hang?
Jeff Dike	[ PATCH 2/6 ] UML - Formatting fixes around os_{read_write}_file callers
Liam Girdwood	[PATCH 07/13] regulator: regulator test harness
Oleg Nesterov	Re: Getting the new RxRPC patches upstream
Stefan Seyfried	Re: 2.6.19-rc5: grub is much slower resuming from suspend-to-disk than in 2.6.18
linux-netdev:
Arnaud Ebalard	Re: [REGRESSION,BISECTED] MIPv6 support broken by f4f914b58019f0
Jan Engelhardt	Re: [PATCH iptables] extension: add xt_cpu match
Jarek Poplawski	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Sebastian Andrzej Siewior	[PATCH 8/8] net/emergency: remove locking from reycling pool if emergncy pools are...
David Miller	Re: [PATCH] qlcnic: dont assume NET_IP_ALIGN is 2
git:
Jakub Narebski	Re: git on MacOSX and files with decomposed utf-8 file names
Brandon Casey	Re: Thunderbird and patches (was Re: [PATCH v2] Enable setting attach as the def...
Christian Couder	[PATCH 1/3] rev-parse: add test script for "--verify"
Ramkumar Ramachandra	Re: [GSoC update] git-remote-svn: The final one
Junio C Hamano	Re: git-rm isn't the inverse action of git-add
openbsd-misc:
Joachim Schipper	Re: UVC Webcams
Florin Andrei	SOLVED [was: firewall is very slow, something's wrong]
Todd Alan Smith	Re: Microsoft gets the Most Secure Operating Systems award
Neal Hogan	Re: Need Advice: Thinkpad T60 or T61?
Sam Fourman Jr.	Re: Real men don't attack straw men
git-commits-head:
Linux Kernel Mailing List	ACPI: Disable ARB_DISABLE on platforms where it is not needed
Linux Kernel Mailing List	m68knommu: add read_barrier_depends() and irqs_disabled_flags()
Linux Kernel Mailing List	[MTD] Add mtd panic_write function pointer
Linux Kernel Mailing List	[ARM] pxa: remove duplicate select statements from Kconfig
Linux Kernel Mailing List	mlx4_core: Don't read reserved fields in mlx4_QUERY_ADAPTER()