From owner-cvs-all@FreeBSD.ORG Tue Jan 25 13:57:38 2005 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 49E1916A4CE; Tue, 25 Jan 2005 13:57:38 +0000 (GMT) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id D948243D49; Tue, 25 Jan 2005 13:57:37 +0000 (GMT) (envelope-from nectar@celabo.org) Received: from lum.celabo.org (lum.celabo.org [10.0.1.107]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "lum.celabo.org", Issuer "celabo.org CA" (verified OK)) by gw.celabo.org (Postfix) with ESMTP id 6DC2A3E2C23; Tue, 25 Jan 2005 07:57:37 -0600 (CST) Received: by lum.celabo.org (Postfix, from userid 1001) id 8E806594E65; Tue, 25 Jan 2005 07:57:34 -0600 (CST) Date: Tue, 25 Jan 2005 07:57:34 -0600 From: "Jacques A. Vidrine" To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Message-ID: <20050125135734.GA5662@lum.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org References: <200501251355.j0PDt7gB049014@repoman.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <200501251355.j0PDt7gB049014@repoman.freebsd.org> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.6i Subject: Re: cvs commit: ports/chinese/zhcon Makefile ports/chinese/zhcon/files patch-src::configfile.cpp X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Jan 2005 13:57:38 -0000 On Tue, Jan 25, 2005 at 01:55:06PM +0000, Jacques A. Vidrine wrote: > nectar 2005-01-25 13:55:06 UTC > > FreeBSD ports repository > > Modified files: > chinese/zhcon Makefile > Added files: > chinese/zhcon/files patch-src::configfile.cpp > Log: > The set-user-ID binary zhcon normally reads it's user-specified > configuration file as root. Drop privileges before opening the file to > prevent a local user from reading arbitrary files. > > Reported by: Erik Sjölund > Obtained from: Debian I forgot to mention that this is http://vuxml.freebsd.org/d371b627-6ed5-11d9-bd18-000a95bc6fae.html . Cheers, -- Jacques A Vidrine / NTT/Verio nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org