From owner-doc-jp@jp.freebsd.org  Tue Feb 22 21:04:32 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id VAA07312;
	Tue, 22 Feb 2000 21:04:32 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from TYO202.gate.nec.co.jp (TYO202.gate.nec.co.jp [202.247.6.41])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id VAA07307
	for <doc-jp@jp.freebsd.org>; Tue, 22 Feb 2000 21:04:31 +0900 (JST)
	(envelope-from y-koga@jp.FreeBSD.org)
Received: from mailsv4.nec.co.jp (mailsv4-le1 [192.168.1.93])
	by TYO202.gate.nec.co.jp (8.9.3/3.7W99122211) with ESMTP id VAA11622
	for <doc-jp@jp.freebsd.org>; Tue, 22 Feb 2000 21:04:30 +0900 (JST)
Received: from mmssv.mms.mt.nec.co.jp (mmssv.mms.mt.nec.co.jp [133.201.63.216]) by mailsv4.nec.co.jp (8.9.3/3.7W-MAILSV4-NEC) with ESMTP
	id VAA10831 for <doc-jp@jp.freebsd.org>; Tue, 22 Feb 2000 21:04:30 +0900 (JST)
Received: from koga.do.mms.mt.nec.co.jp (koga.do.mms.mt.nec.co.jp [10.16.5.16]) by mmssv.mms.mt.nec.co.jp (8.8.4+2.7Wbeta4/3.4W3MMS96052011) with ESMTP id VAA07496 for <doc-jp@jp.freebsd.org>; Tue, 22 Feb 2000 21:01:43 +0900 (JST)
Received: from localhost (localhost [127.0.0.1])
	by koga.do.mms.mt.nec.co.jp (8.9.3/3.7W-00011917) with ESMTP id VAA20483;
	Tue, 22 Feb 2000 21:04:28 +0900 (JST)
Message-Id: <200002221204.VAA20483@koga.do.mms.mt.nec.co.jp>
To: doc-jp@jp.freebsd.org
In-Reply-To: <200002211211.VAA26121@mail.geocities.co.jp>
References: <200002200642.WAA10401@freefall.freebsd.org>
	<200002211211.VAA26121@mail.geocities.co.jp>
X-Mailer: Mew version 1.94.2pre9 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Date: Tue, 22 Feb 2000 21:04:27 +0900 (JST)
From: Koga Youichirou <y-koga@jp.freebsd.org>
X-Dispatcher: imput version 20000221(IM139)
Lines: 89
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+990727
X-Sequence: doc-jp 7100
Subject: [doc-jp 7100] Re: ANNOUNCE: FreeBSD Security Advisory:
 FreeBSD-SA-00:03.asmon
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: y-koga@jp.freebsd.org

Hiroki Sato <hrs@geocities.co.jp>:
> SA-00:03.asmon $B$NK]Lu$G$9!#(B

$B$Q$A$Q$A!y(B

> =============================================================================
> FreeBSD-SA-00:03                                           Security Advisory
$B!D(B $B$5$/$C$HN,(B $B!D(B
> FreeBSD $B8GM-@-(B: yes

$B:#$^$G$H0c$&$N$G!"$A$g$C$H0cOB46!#A1$70-$7$OJ]N1!#(B

> I.   $BGX7J(B - Background 
> 
> Two optional third-party ports distributed with FreeBSD can be used to
> execute commands with elevated privileges, specifically setgid kmem
> privileges. This may lead to a local root compromise.
> FreeBSD $B$NG[I[J*$K4^$^$l$F$$$F(B, $B%*%W%7%g%s$H$7$FF3F~$G$-$k(B
> $B$3$NFs$D$N(B Ports $B$O(B, $BB>$N%f!<%68"8B(B, $BFC$K(B, kmem $B%0%k!<%W$K(B
> setgid $B$7$F%3%^%s%I$r<B9T$9$k$?$a$KMxMQ$9$k$3$H$,$G$-$^$9(B.
> $B$3$l$O(B, $B%m!<%+%k$N(B root $B8"8B$,C%$o$l$k860x$H$J$j$^$9(B.

elevated $B$OLu=P$7$?$$$J$!!#(B
optional $B$H$+(B third-party $B$C$F$N$O!"(BFreeBSD $BK\BN$H$O4X78$J$$$>!"$H8@$$(B
$B$?$2$J46$8$,$9$k$1$I!"$5$i$C$HN.$9$+$J!#8e$G$b$/$I$/8@$C$F$$$k$1$I!#(B

$B!V$3$NFs$D$N%5!<%I%Q!<%F%#@=(B ports $B$O(B FreeBSD $B$NG[IUJ*$K4^$^$l$F$$$k$b(B
$B$N$G$9!#$3$l$i$O9b$$8"8B!"6qBNE*$K$O(B kmem $B%0%k!<%W$G(B setgid $B$5$l$?8"8B(B
$B$G%3%^%s%I$r<B9T$9$k$N$KMxMQ$9$k$3$H$,$G$-$^$9!#$3$N$?$a!"%m!<%+%k$N(B 
root $B8"8B$,C%$o$l$k$3$H$K$J$j$^$9!#!W(B

> II.  $BLdBj$N>\:Y(B - Problem Description
> 
> Asmon and ascpu allow users to execute arbitrary commands as part of a user
> configuration file.
> asmon $B$H(B ascpu $B$G$O(B, $B%f!<%6@_Dj%U%!%$%k$K=q$+$l$F$$$k(B
> $BG$0U$N%3%^%s%I$r<B9T$7$^$9(B.

allow $B$O!V!A$G$-$k!W$H$7$?$$$G$9!#(B

$B!V(Basmon $B$*$h$S(B ascpu $B$O!"%f!<%6@_Dj%U%!%$%k$K5-=R$7$?G$0U$N%3%^%s%I$r(B
$B%f!<%6$,<B9T$9$k$3$H$,$G$-$k$h$&$K$J$C$F$$$^$9!#!W(B

> Both applications are Linux-centric as distributed by
> the vendor and require patching to run under FreeBSD (specifically, using
> the kvm interface and setgid kmem privileges to obtain system statistics);
> this patching was the source of the present security problem. This is a
> similar flaw to one found in the wmmon port, which was corrected on
> 1999/12/31.
> $B$I$A$i$bG[I[$O(B Linux $B$r9MN8$7$?$b$N$K(B
> $B$J$C$F$$$k$?$a(B, FreeBSD $B$GF0:n$5$;$k$K$O=$@5%Q%C%A(B($BFC$K(B,
> $B%7%9%F%`E}7W$rF@$k$?$a$N(B kvm $B%$%s%?!<%U%'%$%9$N;HMQ$H(B,
> kmem $B8"8B$X$N(B setgid)$B$,I,MW$G$9(B.
> $B$3$N=$@5%Q%C%A$,(B, $B%;%-%e%j%F%#LdBj$N860x$H$J$C$F$$$^$7$?(B.
> $B=$@5%Q%C%A$NITHw$O(B, 1999/12/31 $B$K=$@5$5$l$?(B wmmon $B$N(B Ports $B$K(B
> $B8+$i$l$?$b$N$HN`;w$7$?$b$N$G$9(B.

Linux-centric $B$K!V(BLinux $BCf?4<g5A!W$H$$$&5$;}$A$,$J$s$H$J$/8+$($^$9$,!"(B
$B!V(BLinux $B8~$1$K!W$/$i$$$K$7$F$*$/$H$$$$$G$7$g$&!#(B

$B!V$I$A$i$b(B Linux $B8~$1$K%Y%s%@!<$+$iG[IU$5$l$F$$$k$b$N$G$9!#(BFreeBSD $B$G(B
$B;HMQ$9$k>l9g!"%Q%C%A$rI,MW$H$7$^$9(B ($B6qBNE*$K$O!"(Bkvm $B%$%s%?%U%'!<%9$r;H(B
$BMQ$7$F%7%9%F%`$NE}7W$rF@$k$N$K(B kmem $B8"8B$G(B setgid $B$7$F$$$^$9(B) $B!#$3$N!D!W(B

> Note that neither utility is installed by default, nor are they "part of
> FreeBSD" as such: they are part of the FreeBSD ports collection, which
> contains over 3100 third-party applications in a ready-to-install format.
> $BCm0U$7$FM_$7$$$N$G$9$,(B, $B$I$A$i$N%f!<%F%#%j%F%#$b%G%U%)%k%H$G(B
> $B%$%s%9%H!<%k$5$l$^$;$s$7(B, FreeBSD $B$NItJ,$r9=@.$9$k$b$N$G$b$"$j$^$;$s(B.
> $B$=$l$i$O(B FreeBSD Ports $B%3%l%/%7%g%s$N0l$D$G$9(B.
> FreeBSD Ports $B%3%l%/%7%g%s$K$O(B, 3100 $B$rD6$($k30It$N%"%W%j%1!<%7%g%s$,(B
> $B$9$0$K%$%s%9%H!<%k$G$-$k7A$G<}$a$i$l$F$$$^$9(B.

$B!V%G%U%)%k%H$G!W"*!V%G%U%)%k%H$G$O!W(B
$B!V30It$N!W"*!V%5!<%I%Q!<%F%#@=$N!W(B

> FreeBSD makes no claim about the security of these third-party
> applications, although an effort is underway to provide a security audit of
> the most security-critical ports.
> FreeBSD $B$O(B, $B30It$N%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#LdBj$K4X$7$F(B
> $B$$$+$J$kMW5a$b$7$^$;$s$,(B, $BHs>o$K4m81$J%;%-%e%j%F%#>e$NLdBj$r4^$`(B
> Ports $B$rD4::$7(B, $B$=$N7k2L$rJs9p$9$k$H$$$&3hF0$r9T$J$C$F$$$^$9(B.

$B!V30It$N!W"*!V%5!<%I%Q!<%F%#@=$N!W(B


$B$3$s$J$H$3$+$J!#(B
----
$B$3$,$h$&$$$A$m$&(B
