From owner-freebsd-security  Fri Jan 10 15:09:22 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id PAA08462
          for security-outgoing; Fri, 10 Jan 1997 15:09:22 -0800 (PST)
Received: from maslow.cia-g.com (root@maslow.cia-g.com [206.206.162.5])
          by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id PAA08455
          for <freebsd-security@freebsd.org>; Fri, 10 Jan 1997 15:09:20 -0800 (PST)
Received: from maslow.cia-g.com (lithium@maslow.cia-g.com [206.206.162.5]) by maslow.cia-g.com (8.8.4/8.7.3) with SMTP id QAA27599; Fri, 10 Jan 1997 16:08:55 -0700 (MST)
Date: Fri, 10 Jan 1997 16:08:55 -0700 (MST)
From: Stephen Fisher <lithium@cia-g.com>
To: Warner Losh <imp@village.org>
cc: Steve Reid <steve@edmweb.com>, freebsd-security@freebsd.org
Subject: Re: Obvious fix for tempfile race conditions? 
In-Reply-To: <E0viaIK-0006bf-00@rover.village.org>
Message-ID: <Pine.BSI.3.95.970110160609.27393B-100000@maslow.cia-g.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


On Thu, 9 Jan 1997, Warner Losh wrote:

> In message <Pine.BSF.3.95.970109214858.1613A-100000@bitbucket.edmweb.com> Steve Reid writes:
> : Just because it _can_ be done safely doesn't mean that it _is_ being
> : done safely. 
> 
> But it *IS* being done safely on OpenBSD.  I see no reason why it
> can't be so on FreeBSD.  The example you cited was just security
> ignorance on the part of the /etc/security writer.

If OpenBSD is so much better why doesn't anyone else get word of OpenBSD's
fixes?

> Not really.  There are so many holes in FreeBSD right now, I doubt it
> would slow them down much.  Holes I'm working on closing, BTW.  Here
> "so many" mean "at least one known that gives you root."

Anything helps.
 

 - Steve
  - Systems Manager
  - Community Internet Access, Inc.
  - Gallup and Grants, New Mexico