On Tue, Aug 20, 2019 at 04:01:39PM -0600, Ian Lepore wrote:
> On Wed, 2019-08-21 at 04:55 +0700, Eugene Grosbein wrote:
> > 21.08.2019 3:12, FreeBSD Security Advisories wrote:
> > 
> > [skip]
> > 
> > > IV.  Workaround
> > > 
> > > No workaround is available.  Custom kernels without "device sound"
> > > are not vulnerable.
> > 
> > Is it true that there is no way to disable a vulnerable and unneeded
> > device driver built in GENERIC other than through rebuilding the kernel?
> > 
> > I remember that pre-4.x versions of FreeBSD had a visual VGA-based
> > pre-boot configurator that allowed disabling any compiled-in device
> > driver. Don't device.hints(5) or loader(8) have means to do so?
> > 
> > These days GENERIC has LOTS of drivers, and it's convenient but
> > unsafe.
> > 
> 
> "No workaround" just seems to be wrong.  Aside from setting the
> disabled hint to turn off the driver (or using devctl to turn it off on
> a live system), the exploit also requires opening /dev/midistat, so a
> viable workaround is to change its permissions so that users can't open
> it.

Yeah, this was an oversight.  The SA text will be amended.
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
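
The permission workaround mentioned in the thread can be audited with a short script. This is an added example, not part of the original messages or of the advisory: it assumes the restriction is made persistent with a `perm midistat 0600` entry in a devfs.conf(5)-style file and that the node is owned by root; the function names and the `0600` value are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): audit the /dev/midistat workaround.
# devfs.conf(5) entries look like "perm <devname> <mode>"; '#' starts a comment.

# Print the mode from the last "perm midistat" entry in a devfs.conf-style
# file (entries are applied in order, so the last one is the effective one).
conf_midistat_mode() {
    awk '{ sub(/#.*/, "") }
         $1 == "perm" && $2 == "midistat" && NF >= 3 { mode = $3 }
         END { if (mode != "") print mode }' "$1"
}

# True only for a valid octal mode with no group/other bits set.
mode_is_owner_only() {
    case "$1" in ''|*[!0-7]*) return 1 ;; esac
    [ $(( 0$1 & 077 )) -eq 0 ]
}

# True if the live node has no group/other bits (parsed from ls -ld).
node_is_owner_only() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# audit_midistat CONF [NODE]: returns 0 only if both checks pass.
audit_midistat() {
    conf=$1; node=${2:-/dev/midistat}; rc=0
    mode=$(conf_midistat_mode "$conf" 2>/dev/null) || mode=""
    if mode_is_owner_only "$mode"; then
        echo "OK   $conf: perm midistat $mode"
    else
        echo "WARN $conf: no owner-only 'perm midistat' entry (found: ${mode:-none})"
        rc=1
    fi
    if [ ! -e "$node" ]; then
        echo "OK   $node: not present"        # e.g. kernel without the driver
    elif node_is_owner_only "$node"; then
        echo "OK   $node: owner-only"
    else
        echo "WARN $node: group/other access still allowed"
        rc=1
    fi
    return $rc
}

# Constructed sample: a regular file stands in for the device node.
demo=$(mktemp -d)
printf '# constructed sample\nperm midistat 0600\n' > "$demo/devfs.conf"
: > "$demo/midistat"; chmod 0600 "$demo/midistat"
audit_midistat "$demo/devfs.conf" "$demo/midistat" || echo "audit failed"
rm -rf "$demo"
```

On a real host, call `audit_midistat /etc/devfs.conf` so that both the persistent entry and the live node are checked.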
