From owner-freebsd-security Wed Sep 1 9:50:53 1999 Delivered-To: freebsd-security@freebsd.org Received: from gatekeeper.veriohosting.com (gatekeeper.veriohosting.com [192.41.0.2]) by hub.freebsd.org (Postfix) with ESMTP id 57BDE14DA5 for ; Wed, 1 Sep 1999 09:50:52 -0700 (PDT) (envelope-from hart@iserver.com) Received: by gatekeeper.veriohosting.com; Wed, 1 Sep 1999 10:50:32 -0600 (MDT) Received: from unknown(192.168.1.109) by gatekeeper.veriohosting.com via smap (V3.1.1) id xma009798; Wed, 1 Sep 99 10:50:15 -0600 Received: (hart@localhost) by anchovy.orem.iserver.com (8.9.3) id KAA22186; Wed, 1 Sep 1999 10:49:08 -0600 (MDT) Date: Wed, 1 Sep 1999 10:49:08 -0600 (MDT) From: Paul Hart X-Sender: hart@anchovy.orem.iserver.com Reply-To: Paul Hart To: freebsd-security@freebsd.org Subject: No patch yet for fts? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org It looks like we've got kernel patches now to prevent core dumps from following symbolic links which is excellent, but has anyone looked at committing OpenBSD's fts(3) patch? See: http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-08-22&msg=199908271534.JAA27164@xerxes.cs.colorado.edu http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c?r1=1.18&r2=1.19 It looks like integrating that patch would allow us to put this entire fts hole behind us for good. Paul Hart -- Paul Robert Hart ><8> ><8> ><8> Verio Web Hosting, Inc. hart@iserver.com ><8> ><8> ><8> http://www.iserver.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message