Out of curiosity: have those findings officially been reported? Is someone working on them? https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Ilja-van-Sprundel-BSD-Kern-Vulns.pdf If not, shall I extract them? Maybe we should start an "audit a subsystem" week ;) erdgeist
I haven't read the paper yet, and I'm surely not up on things enough to know what I'm looking at, but are these 0-days? If so, do they store them up so they can present at defcon? --Joey> Out of curiosity: > > have those findings officially been reported? Is someone working on them? > > https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Ilja-van-Sprundel-BSD-Kern-Vulns.pdf > > If not, shall I extract them? > > Maybe we should start an "audit a subsystem" week ;) > > erdgeist > _______________________________________________ > freebsd-security at freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to > "freebsd-security-unsubscribe at freebsd.org" >-- Joey Kelly Minister of the Gospel and Linux Consultant http://joeykelly.net 504-239-6550
On 07/28/2017 08:08, Dirk Engling wrote:> Out of curiosity: > > have those findings officially been reported? Is someone working on them? > > https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Ilja-van-Sprundel-BSD-Kern-Vulns.pdf > > If not, shall I extract them? >That link doesn't work for me: # fetch "https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Ilja-van-Sprundel-BSD-Kern-Vulns.pdf" No server SSL certificate fetch: https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Ilja-van-Sprundel-BSD-Kern-Vulns.pdf: Authentication error # fetch "http://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Ilja-van-Sprundel-BSD-Kern-Vulns.pdf" fetch: http://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Ilja-van-Sprundel-BSD-Kern-Vulns.pdf: No error: 0 -- Yonas Yanfa In Love With Open Source Drupal <http://drupal.org/user/473174> :: GitHub <http://github.com/yonas> :: Mozilla <https://addons.mozilla.org/en-US/thunderbird/user/4614995/> fizk.net | yonas at fizk.net
Dirk Engling <erdgeist at erdgeist.org> writes:> have those findings officially been reported? Is someone working on > them?Speaking as a secteam member but not on behalf of so@, we are aware of these issues but did not get sufficient advance notice to fix them in time for DefCon. DES -- Dag-Erling Sm?rgrav - des at des.no