From owner-freebsd-security  Fri Dec 31 15:41:36 1999
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP id 6770115648
	for <freebsd-security@FreeBSD.ORG>; Fri, 31 Dec 1999 15:41:33 -0800 (PST)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.9.3/8.9.3) with ESMTP id QAA52234;
	Fri, 31 Dec 1999 16:41:31 -0700 (MST)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id QAA18868; Fri, 31 Dec 1999 16:41:31 -0700 (MST)
Message-Id: <199912312341.QAA18868@harmony.village.org>
To: Robert Watson <robert+freebsd@cyrus.watson.org>
Subject: Re: From BugTraq - FreeBSD 3.3 xsoldier root exploit (fwd) 
Cc: Chris England <cengland@obscurity.org>,
	freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Thu, 16 Dec 1999 09:18:00 EST."
		<Pine.BSF.3.96.991216091552.26813A-100000@fledge.watson.org> 
References: <Pine.BSF.3.96.991216091552.26813A-100000@fledge.watson.org>  
Date: Fri, 31 Dec 1999 16:41:31 -0700
From: Warner Losh <imp@village.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <Pine.BSF.3.96.991216091552.26813A-100000@fledge.watson.org> Robert Watson writes:
: So, I'm sorry, could you be specific here: was this problem reported to
: security-officer@freebsd.org, or reported via a send-pr, or not reported
: to us?

Reported to a swamped security officer.

: Would it be feasible for someone to go disable setuid bits in all the
: games/ tree? :-)  Why was xsoldier setuid?

High scores.

We'll be bringing on someone to the security officer team after the
first of the year to help us keep up with ports.

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message