On Thu, May 27, 2004 at 10:36:48AM +1200, Richard Stevenson wrote:
> I've got a quick question about the most recent security advisory,
> FreeBSD-SA-04:11.msync. I'm trying to figure out how big an issue it is
> (whether or not I need to stop everyone's access to the file server until
> it's patched), given that we've got no "untrusted" users on our systems.
> Does anyone know if it's possible for a user to trigger this problem
> unintentionally or accidentally?

Your user would have to run some code programmed specially to produce the effect. Look at this thread on freebsd-hackers to see the problem report that ultimately resulted in the security advisory:

http://lists.freebsd.org/pipermail/freebsd-hackers/2004-March/006396.html

As you can see, the first discovery was due to inadvertently triggering the behaviour. However, if the problem isn't happening to you already, and you trust your users to the extent that they will not deliberately set out to trigger such a thing, then you can probably get away with allowing your users to carry on accessing your file server for a while longer.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Tel: +44 1628 476614