[Original text] procfs in FreeBSD and possibly other operating systems does not properly restrict access to per-process mem and ctl files, which allows local users to gain root privileges by forking a child process and executing a privileged process from the child, while the parent retains access to the child's address space.
FreeBSD procfs Per-process mem / ctl File Child Process Handling Local Privilege Escalation
Local Access Required
Loss of Integrity
FreeBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when procfs fails to properly restrict access to per-process mem and ctl files, which allows a malicious user to gain root privileges by forking a child process and executing privileged processes from the child. This flaw may lead to a loss of integrity.
Upgrade the FreeBSD system to 3.5.1-STABLE or 4.2-STABLE dated after the correction date, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workarounds: (1) unmount all procfs filesystems which are visible from within jail environments and (2) remove the "options PROCFS" line from your kernel configuration file, if present, and compile a new kernel.
Also, FreeBSD has released a patch.
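The following audit helper is an added example, not part of the original advisory or of FreeBSD: it checks whether the two workarounds above are in place by listing procfs mounts and looking for an active "options PROCFS" line. It assumes the mount table is supplied in fstab(5) format (as FreeBSD's `mount -p` prints it) and reports every procfs mount, not only those visible from a jail; the function names, sample data and kernel config path are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): audit for the two workarounds.
# Assumes the mount table is in fstab(5) format, as FreeBSD `mount -p` prints.

# stdin: "device mountpoint fstype options dump pass"; prints procfs mount points.
procfs_mounts() {
    awk '$1 !~ /^#/ && $3 == "procfs" { print $2 }'
}

# Exit 0 if the kernel config file ($1) has an uncommented "options PROCFS".
kernel_has_procfs() {
    awk '{ sub(/#.*/, "") }
         $1 == "options" && $2 == "PROCFS" { found = 1 }
         END { exit (found ? 0 : 1) }' "$1"
}

# audit <kernel-config>: mount table on stdin; prints findings, returns 1 if any.
audit() {
    status=0
    for mp in $(procfs_mounts); do
        echo "FINDING: procfs mounted at $mp"
        status=1
    done
    if kernel_has_procfs "$1"; then
        echo "FINDING: $1 still contains options PROCFS"
        status=1
    fi
    return "$status"
}

# Constructed sample data (hypothetical host with one jail under /jails/www).
sample_mount_table() {
    cat <<'EOF'
/dev/ad0s1a  /                ufs     rw  1 1
procfs       /proc            procfs  rw  0 0
procfs       /jails/www/proc  procfs  rw  0 0
EOF
}
sample_kernel_config() {
    cat <<'EOF'
options   FFS        #Berkeley Fast Filesystem
options   PROCFS     #Process filesystem
EOF
}

# Live use on a FreeBSD host: mount -p | audit /path/to/your/KERNELCONFIG
```

A commented-out line such as `#options PROCFS` is not counted as a finding, since the comment is stripped before matching.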