From owner-freebsd-security Tue Feb 4 08:01:08 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id IAA23010 for security-outgoing; Tue, 4 Feb 1997 08:01:08 -0800 (PST)
Received: from anacreon.sol.net (anacreon.sol.net [206.55.64.116]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id IAA23005 for ; Tue, 4 Feb 1997 08:01:04 -0800 (PST)
Received: from solaria.sol.net (solaria.sol.net [206.55.65.75]) by anacreon.sol.net (8.6.12/8.6.12) with ESMTP id KAA23214; Tue, 4 Feb 1997 10:01:02 -0600
Received: from localhost by solaria.sol.net (8.5/8.5) id KAA00609; Tue, 4 Feb 1997 10:00:59 -0600
From: Joe Greco
Message-Id: <199702041600.KAA00609@solaria.sol.net>
Subject: Re: Question: 2.1.7?
To: karl@Mcs.Net (Karl Denninger)
Date: Tue, 4 Feb 97 10:00:58 CST
Cc: spork@super-g.com, danny@panda.hilink.com.au, security@FreeBSD.ORG
In-Reply-To: <199702041551.JAA18527@Jupiter.Mcs.Net> from "Karl Denninger" at Feb 4, 97 09:51:23 am
X-Mailer: ELM [version 2.4dev PL65]
MIME-Version: 1.0
Content-Type: text
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> Warning!
>
> There are static-linked executables which are shipped SUID with most FreeBSD
> implementations. THESE MUST BE RECOMPILED ALSO!
>
> Make very, very sure you don't have any old SUID executables laying around.
> If you do, you're vulnerable even with a libc fix.

Warning!

You pretty much have to recompile the entire system, to be safe.

Otherwise there will come a time when someone discovers a vulnerability
due to a non-SUID executable being forked off (perhaps several layers deep)
by a SUID program or other program being run by root...

Paranoid? Yes. True? Sadly.

I am very interested in this whole topic...

... Joe

-------------------------------------------------------------------------------
Joe Greco - Systems Administrator              jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI     414/342-4847
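
An audit for the situation discussed in this message, as an added example that is not part of the original mail or of FreeBSD: it lists every setuid/setgid file under a directory, classifies it as statically or dynamically linked, and marks it stale if it predates the libc fix. Assumptions: binaries are ELF (other formats are reported as non-ELF), file mtime stands in for build time, and the names `is_static_elf` and `audit` are hypothetical.

```python
import os, stat, struct, sys

PT_INTERP = 3  # ELF program-header type that names the runtime linker

def is_static_elf(path):
    """True: ELF with no PT_INTERP (libc code is baked in). False: dynamic ELF.
    None: not ELF, truncated or unreadable (scripts, other binary formats)."""
    try:
        with open(path, "rb") as f:
            h = f.read(64)
            if (len(h) < 52 or h[:4] != b"\x7fELF" or h[4] not in (1, 2)
                    or (h[4] == 2 and len(h) < 64)):
                return None
            e = "<" if h[5] == 1 else ">"          # EI_DATA: byte order
            if h[4] == 2:                          # ELF64 header offsets
                phoff, = struct.unpack_from(e + "Q", h, 32)
                phentsize, phnum = struct.unpack_from(e + "HH", h, 54)
            else:                                  # ELF32 header offsets
                phoff, = struct.unpack_from(e + "I", h, 28)
                phentsize, phnum = struct.unpack_from(e + "HH", h, 42)
            for i in range(phnum):
                f.seek(phoff + i * phentsize)
                p_type = f.read(4)
                if len(p_type) < 4:
                    return None                    # truncated program headers
                if struct.unpack(e + "I", p_type)[0] == PT_INTERP:
                    return False
            return True
    except OSError:
        return None

def audit(root, fixed_at):
    """List (path, linkage, stale) for every setuid/setgid regular file under
    root; stale means last modified before fixed_at (epoch seconds)."""
    out = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)                # do not follow symlinks
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                linkage = {True: "static", False: "dynamic", None: "non-ELF"}[is_static_elf(path)]
                out.append((path, linkage, st.st_mtime < fixed_at))
    return sorted(out)

if __name__ == "__main__":  # usage: audit.py ROOT FIXED_LIBC_FILE
    for path, linkage, stale in audit(sys.argv[1], os.stat(sys.argv[2]).st_mtime):
        print("REBUILD" if linkage == "static" and stale else "review ", linkage, path)
```

Files marked REBUILD are static setuid/setgid binaries older than the fixed libc; everything else it prints is still privileged and belongs in the wider rebuild the message argues for.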