On Thu, May 27, 2004 at 10:36:48AM +1200, Richard Stevenson wrote: > I've got a quick question about the most recent security advisory, > FreeBSD-SA-04:11.msync. I'm trying to figure out how big an issue it is > (whether or not I need to stop everyone's access to the file server until > it's patched), given that we've got no "untrusted" users on our systems. > Does anyone know if it's possible for a user to trigger this problem > unintentionally or accidentally?
You user would have to run some code programmed specially to produce the effect. Look at this thread on freebsd-hackers to see the problem report that ultimately resulted in the security advisory: http://lists.freebsd.org/pipermail/freebsd-hackers/2004-March/006396.html As you can see, the first discovery was due to inadvertently triggering the behaviour. However, if the problem isn't happening to you already, and you trust your users to the extent that they will not deliberately set out to trigger such a thing, then you can probably get away allowing your users to carry on accesssing your file server for a while longer. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
Description: PGP signature