7.5 Addendum
Note
Thursday, November 15, 2007
Since the vulnerability has been fixed and a new version of the XNU kernel of OS X is available, I released a detailed security advisory on my website today.[80] The bug was assigned CVE-2007-4686.
After I published the advisory, Theo de Raadt (the founder of OpenBSD and OpenSSH) hinted that this bug is older than 4.4BSD and was fixed roughly 15 years ago by everyone but Apple. In the initial revision of FreeBSD from 1994, the implementation of the TIOCSETD IOCTL looks like this:[81]
    [..]
    case TIOCSETD: {                /* set line discipline */
            register int t = *(int *)data;
            dev_t device = tp->t_dev;

            if ((u_int)t >= nlinesw)
                    return (ENXIO);
            if (t != tp->t_line) {
                    s = spltty();
                    (*linesw[tp->t_line].l_close)(tp, ...
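
The `(u_int)` cast in the range check at the top of that listing is what makes a negative `t` fail the test before it is ever used as an index into `linesw`. The following user-space model is an added example, not code from the book or from FreeBSD; the table contents and the function names `check_unsigned`, `check_signed` and `set_discipline` are hypothetical.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

/* Constructed stand-in for the kernel's line discipline switch table. */
struct linesw_entry { const char *name; };
static const struct linesw_entry linesw[] = {
    {"disc0"}, {"disc1"}, {"disc2"}, {"disc3"}
};
static const int nlinesw = (int)(sizeof(linesw) / sizeof(linesw[0]));

/* Range test as in the FreeBSD listing: the cast turns a negative t into a
 * very large unsigned value, so one comparison rejects both ends. */
static int check_unsigned(int t)
{
    if ((unsigned int)t >= (unsigned int)nlinesw)
        return ENXIO;
    return 0;
}

/* The same test without the cast: only the upper bound is enforced, so a
 * negative t is accepted as a valid index. */
static int check_signed(int t)
{
    if (t >= nlinesw)
        return ENXIO;
    return 0;
}

/* Touch the table only after the unsigned check has passed. */
static const char *set_discipline(int t, int *err)
{
    *err = check_unsigned(t);
    return *err ? NULL : linesw[t].name;
}

int main(void)
{
    const int samples[] = { 0, nlinesw - 1, nlinesw, -1, INT_MIN };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int err;
        const char *name = set_discipline(samples[i], &err);
        printf("t=%-12d no cast: %-7s cast: %-7s selected: %s\n", samples[i],
               check_signed(samples[i]) ? "ENXIO" : "accept",
               err ? "ENXIO" : "accept", name ? name : "(none)");
    }
    return 0;
}
```
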