freebsd security - Jun 2010 - alleged freebsd local root exploit youtube video

Hi all,

Several people have written to me over the past couple of days to ask about a
youtube video which allegedly shows a local root vulnerability in 8.1-beta1
being exploited.

It is possible that the video is real and someone has found a vulnerability.

It is also possible that the video is completely fake.  There is no evidence
on the video which is remotely conclusive in either direction.  Given that
the producer of the video doesn't seem to know how to spell my name (one L,
not two!) I'm inclined to suspect the latter.

If the producer of the video has in fact discovered a FreeBSD vulnerability,
I would invite him to contact secteam@freebsd.org; he would get his name in
the Credits section of the resulting advisory.

Otherwise, I suggest that youtube videos of this nature be ignored.

-- 
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid