From owner-freebsd-stable  Sat Oct  7 16:50:13 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP id 1E53337B502
	for <stable@FreeBSD.org>; Sat,  7 Oct 2000 16:50:11 -0700 (PDT)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.11.0/8.11.0) with ESMTP id e97No9Y00423;
	Sat, 7 Oct 2000 17:50:09 -0600 (MDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id RAA00780; Sat, 7 Oct 2000 17:50:08 -0600 (MDT)
Message-Id: <200010072350.RAA00780@harmony.village.org>
To: behanna@zbzoom.net
Subject: Re: Security problem with "script"? 
Cc: FreeBSD-Stable <stable@FreeBSD.org>
In-reply-to: Your message of "Sat, 07 Oct 2000 16:41:13 EDT."
		<Pine.BSF.4.21.0010071640460.7433-100000@topperwein.dyndns.org> 
References: <Pine.BSF.4.21.0010071640460.7433-100000@topperwein.dyndns.org>  
Date: Sat, 07 Oct 2000 17:50:08 -0600
From: Warner Losh <imp@village.org>
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <Pine.BSF.4.21.0010071640460.7433-100000@topperwein.dyndns.org> Chris BeHanna writes:
:     Er, wouldn't that give a user root access to do anything he or she
: wanted?

Yes.  That's the logical conclusion if you give someone shell access,
or access to any program that can fork a shell.  "TOYOTA: You asked
for it, you got it."

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message