From owner-freebsd-security Wed Feb 5 08:05:29 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id IAA12735 for security-outgoing; Wed, 5 Feb 1997 08:05:29 -0800 (PST)
Received: from gvr.win.tue.nl (root@gvr.win.tue.nl [131.155.210.19]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA09467; Wed, 5 Feb 1997 08:03:39 -0800 (PST)
Received: (from guido@localhost) by gvr.win.tue.nl (8.8.5/8.8.2) id RAA16464; Wed, 5 Feb 1997 17:01:24 +0100 (MET)
From: Guido van Rooij
Message-Id: <199702051601.RAA16464@gvr.win.tue.nl>
Subject: Re: 2.1.6+++: crt0.c CRITICAL CHANGE
In-Reply-To: <199702051447.IAA11557@solaria.sol.net> from Joe Greco at "Feb 5, 97 08:47:11 am"
To: jgreco@solaria.sol.net (Joe Greco)
Date: Wed, 5 Feb 1997 17:01:24 +0100 (MET)
Cc: Guido.vanRooij@nl.cis.philips.com, joerg_wunsch@uriah.heep.sax.de, core@freebsd.org, security@freebsd.org, jkh@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>
> PERFECT!!! We have a solution :-) (this was the most worrisome security
> hole, the smaller ones like talkd could be "patched" much more easily).
>
> But could you be a little more vague, please? Where do I get it from? :-)
>
> I don't see it on Freefall... a DejaNews search doesn't turn anything up...
> Ah. I see it on the security list archive.
>
> Jordan: once we have it tested, can we get this posted somewhere and make
> big blinking neon signs that PEOPLE NEED TO RUN THIS? I'm gonna compile
> it up and try it shortly.
>
> With this, it would be MUCH simpler to release a "security binary kit"
> upgrade to 2.1.X series systems.

There's still one thing to add to lfix: it should call chflags(2) when
it is required.

-Guido