Date: Sat, 23 Sep 2000 09:14:08 -0400
From: "Brian F. Feldman" <green@FreeBSD.org>
To: Kris Kennaway <kris@FreeBSD.org>
Cc: "Vanilla I. Shu" <vanilla@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: ports/audio/esound/patches patch-ac
Message-ID: <200009231314.e8NDE8537221@green.dyndns.org>
In-Reply-To: Message from Kris Kennaway <kris@FreeBSD.org> of "Sat, 23 Sep 2000 02:11:46 PDT." <Pine.BSF.4.21.0009230211370.64889-100000@freefall.freebsd.org>

> On Sat, 23 Sep 2000, Vanilla I. Shu wrote:
>
> > vanilla 2000/09/23 01:21:23 PDT
> >
> > Modified files:
> > audio/esound/patches patch-ac
> > Log:
> > Add a patch that fixes the vulnerability.
> >
> > Submitted by: ade
>
> What vulnerability?

The one I fixed already, of course. More importantly, this change is a
reversion to more insecure behavior (new hole: mode 777 directory in a
user's home directory) and should be backed out immediately.

Needless to say, the BugTraq poster was a complete idiot and did not
actually fix things with the posted "patch". I've been tempted to say so;
misinformation is just about as bad as not knowing about a vulnerability
since you can be fooled into THINKING you've fixed the issues.

--
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green@FreeBSD.org                    `------------------------------'

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009231314.e8NDE8537221>