[ previous ] [ next ] [ threads ]
 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] M0n0wall hangs
 Date:  Thu, 12 Oct 2006 18:18:27 -0400
On 10/12/06, Michael Brown <knightmb at knightmb dot dyndns dot org> wrote:
> Yeah, last time I checked you have to be able to log into m0n0wall and
> if you do you must be the admin, so why you would DoS your own firewall
> is well up to the admin I guess :-)  Unless you can do something with
> the user accounts you can setup access to m0n0wall with that I'm not
> aware of.

Nope, no other user accounts are available, or even possible to
create.  Since it's a local issue, you have to be logged in for it to
happen, and the only login has root privileges...yeah, who cares about
DoS if you have root privs already.

Aside from that, it's a reported issue in 6.0, and older versions are
unconfirmed.  Historically, most 5.x and 6.x security-related bugs
haven't applied to 4.x.

There are a whole slew of ways for a local unprivileged user to DoS a
system, aside from bugs, which is why most OS's treat these things as
bugs/errata and not security issues.  Linux did it first, now FreeBSD
seems to be following suit.