Date: Thu, 16 Dec 1999 09:18:00 -0500 (EST)
From: Robert Watson
Reply-To: Robert Watson
To: Warner Losh
Cc: Chris England, freebsd-security@FreeBSD.ORG
Subject: Re: From BugTraq - FreeBSD 3.3 xsoldier root exploit (fwd)
In-Reply-To: <199912160615.XAA69151@harmony.village.org>

On Wed, 15 Dec 1999, Warner Losh wrote:

> In message Chris England writes:
> : I personally have not tested this. I'm not too big on games, but I would
> : recommend anyone who has this game installed suid-root to test the snippet
> : code against it and post the results to this list.
>
> The bugtraq guys forwarded the report to SO before they sent it to
> bugtraq. We had it fixed within a couple of hours (and it would have
> been faster if we weren't in ports freeze).

So, I'm sorry, could you be specific here: was this problem reported to security-officer@freebsd.org, or reported via a send-pr, or not reported to us?

Would it be feasible for someone to go disable setuid bits in all the games/ tree? :-) Why was xsoldier setuid?

Thanks,

Robert N M Watson
robert@fledge.watson.org    http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services