From owner-freebsd-security Tue Feb 4 08:04:04 1997
Return-Path:
Received: (from root@localhost)
    by freefall.freebsd.org (8.8.5/8.8.5) id IAA23222
    for security-outgoing; Tue, 4 Feb 1997 08:04:04 -0800 (PST)
Received: from Mailbox.mcs.com (Mailbox.mcs.com [192.160.127.87])
    by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA23213
    for ; Tue, 4 Feb 1997 08:04:01 -0800 (PST)
Received: from Jupiter.Mcs.Net (Jupiter.mcs.net [192.160.127.88])
    by Mailbox.mcs.com (8.8.5/8.8.2) with ESMTP id KAA19876;
    Tue, 4 Feb 1997 10:03:50 -0600 (CST)
Received: (from karl@localhost)
    by Jupiter.Mcs.Net (8.8.5/8.8.2) id KAA18948;
    Tue, 4 Feb 1997 10:03:45 -0600 (CST)
From: Karl Denninger
Message-Id: <199702041603.KAA18948@Jupiter.Mcs.Net>
Subject: Re: Question: 2.1.7?
To: jgreco@solaria.sol.net (Joe Greco)
Date: Tue, 4 Feb 1997 10:03:45 -0600 (CST)
Cc: karl@Mcs.Net, spork@super-g.com, danny@panda.hilink.com.au, security@FreeBSD.ORG
In-Reply-To: <199702041600.KAA00609@solaria.sol.net>
    from "Joe Greco" at Feb 4, 97 10:00:58 am
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

>
> > Warning!
> >
> > There are static-linked executables which are shipped SUID with most FreeBSD
> > implementations. THESE MUST BE RECOMPILED ALSO!
> >
> > Make very, very sure you don't have any old SUID executables laying around.
> > If you do, you're vulnerable even with a libc fix.
>
> Warning!
>
> You pretty much have to recompile the entire system, to be safe.
>
> Otherwise there will come a time when someone discovers a vulnerability
> due to a non-SUID executable being forked off (perhaps several layers deep)
> by a SUID program or other program being run by root...
>
> Paranoid? Yes. True? Sadly.
>
> I am very interested in this whole topic...
>
> ... Joe
>
> -------------------------------------------------------------------------------
> Joe Greco - Systems Administrator                          jgreco@ns.sol.net
> Solaria Public Access UNIX - Milwaukee, WI                      414/342-4847

That was basically what I was saying.... "make world" is pretty much
required.

--
--
Karl Denninger (karl@MCS.Net)| MCSNet - The Finest Internet Connectivity
http://www.mcs.net/~karl     | T1's from $600 monthly to FULL DS-3 Service
                             | 99 Analog numbers, 77 ISDN, Web servers $75/mo
Voice: [+1 312 803-MCS1 x219]| Email to "info@mcs.net" WWW: http://www.mcs.net/
Fax:   [+1 773 248-9865]     | 2 FULL DS-3 Internet links; 400Mbps B/W Internal
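
One way to check for the leftover binaries this thread warns about, as an added example that is not part of the original message or of FreeBSD: it lists set-uid/set-gid files under a directory and marks the statically linked ones last modified before the libc fix. It assumes ELF binaries and that the fix time is taken from a file you name (for instance the rebuilt libc); `elf_linkage` and `audit` are hypothetical names.

```python
import os, stat, struct, sys

PT_INTERP = 3  # program header naming the runtime loader; absent in static binaries

def elf_linkage(path):
    """Return 'dynamic', 'static', or None when the file is not a readable ELF."""
    with open(path, "rb") as f:
        head = f.read(64)
        if len(head) < 52 or head[:4] != b"\x7fELF":
            return None
        end = "<" if head[5] == 1 else ">"        # EI_DATA: 1 = little-endian
        if head[4] == 2 and len(head) == 64:      # EI_CLASS: 2 = ELF64
            (phoff,) = struct.unpack_from(end + "Q", head, 32)
            phentsize, phnum = struct.unpack_from(end + "HH", head, 54)
        elif head[4] == 1:                        # EI_CLASS: 1 = ELF32
            (phoff,) = struct.unpack_from(end + "I", head, 28)
            phentsize, phnum = struct.unpack_from(end + "HH", head, 42)
        else:
            return None
        f.seek(phoff)
        types = set()
        for _ in range(phnum):
            entry = f.read(phentsize)
            if len(entry) < 4:
                return None                       # truncated program header table
            types.add(struct.unpack_from(end + "I", entry)[0])
    return "dynamic" if PT_INTERP in types else "static"

def audit(root, fix_time):
    """List (path, linkage, stale) for each set-id regular file under root.
    stale means the file was last modified before fix_time (the libc fix)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode):
                    continue
                if not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                    continue
                linkage = elf_linkage(path) or "non-ELF"
            except (OSError, OverflowError):
                continue                          # unreadable, vanished or malformed
            findings.append((path, linkage, st.st_mtime < fix_time))
    return sorted(findings)

if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage (hypothetical): audit.py <root> <file-whose-mtime-marks-the-fix>
    for path, linkage, stale in audit(sys.argv[1], os.stat(sys.argv[2]).st_mtime):
        print(("REBUILD " if linkage == "static" and stale else "review  ") + linkage, path)
```

A "static" entry marked stale still carries its own pre-fix copy of libc; the "dynamic" and "non-ELF" entries are listed for review because, as the quoted reply notes, set-id programs can also run other old executables.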