From owner-freebsd-security Sat Mar 27 20:50:27 1999 Delivered-To: freebsd-security@freebsd.org Received: from aniwa.sky (p6-max5.wlg.ihug.co.nz [202.49.241.6]) by hub.freebsd.org (Postfix) with ESMTP id 83EF01534D for ; Sat, 27 Mar 1999 20:50:17 -0800 (PST) (envelope-from andrew@squiz.co.nz) Received: from aniwa.sky (localhost [127.0.0.1]) by aniwa.sky (8.9.1a/8.9.1) with ESMTP id QAA10976; Sun, 28 Mar 1999 16:48:42 +1200 (NZST) Message-Id: <199903280448.QAA10976@aniwa.sky> X-Mailer: exmh version 2.0.2 2/24/98 To: Warner Losh Cc: Gustavo Rios , freebsd-security@FreeBSD.ORG Subject: Re: suid/guid In-reply-to: Your message of "Sat, 27 Mar 1999 19:14:29 MST." <199903280214.TAA78932@harmony.village.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sun, 28 Mar 1999 16:48:41 +1200 From: Andrew McNaughton Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > In message <36FC7066.1FE66497@netshell.com.br> Gustavo Rios writes: > : Is there any suid/guid bit set file exploitable on systems 2.2.8-Stable? > > Not the the best of my knowledge. > > Warner > FreeBSD Security Officer Does 2.2.8-STABLE exist? I thought 2.2.8 had stopped at RELEASE. There was some discussion, and I gather a 2.2.8 ports collection is on the net. Unless this is being kept up to date, it will include some security holes. eg ports for lsof and super were updated to cover security holes in suid binaries not long back, but this may not be reflected in old ports collections. Andrew McNaughton -- ----------- Andrew McNaughton andrew@squiz.co.nz http://www.newsroom.co.nz/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message