From owner-freebsd-security  Tue Sep  5 10:23:15 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id CC3EE37B42C; Tue,  5 Sep 2000 10:23:12 -0700 (PDT)
Received: from localhost (kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id KAA20265;
	Tue, 5 Sep 2000 10:23:12 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Tue, 5 Sep 2000 10:23:12 -0700 (PDT)
From: Kris Kennaway <kris@FreeBSD.org>
To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc: freebsd-security@freebsd.org, security-officer@freebsd.org
Subject: Re: UNIX locale format string vulnerability (fwd)
In-Reply-To: <200009051354.e85Dshb28813@cwsys.cwsent.com>
Message-ID: <Pine.BSF.4.21.0009051020390.17724-100000@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 5 Sep 2000, Cy Schubert - ITSD Open Systems Group wrote:

> Wouldn't a FreeBSD system with Linux compatibility being utilised be 
> vulnerable too?

Yes, but only if you've installed a vulnerable linux binary which is
setuid or setgid something. We don't install any set[ug]id binaries in the
linux_base or linux_devtools ports.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message