From owner-freebsd-security  Tue Feb  4 12:14:57 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id MAA09355
          for security-outgoing; Tue, 4 Feb 1997 12:14:57 -0800 (PST)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.2.144.5])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA09346
          for <security@FreeBSD.ORG>; Tue, 4 Feb 1997 12:14:51 -0800 (PST)
Received: (from danny@localhost) by panda.hilink.com.au (8.7.6/8.7.3) id HAA00857; Wed, 5 Feb 1997 07:14:24 +1100 (EST)
Date: Wed, 5 Feb 1997 07:14:23 +1100 (EST)
From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: Karl Denninger <karl@Mcs.Net>
cc: spork <spork@super-g.com>, jgreco@solaria.sol.net, security@FreeBSD.ORG
Subject: Re: Question: 2.1.7?
In-Reply-To: <199702041551.JAA18527@Jupiter.Mcs.Net>
Message-ID: <Pine.BSF.3.91.970205071344.822A-100000@panda.hilink.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk



On Tue, 4 Feb 1997, Karl Denninger wrote:

> 
> There are static-linked executables which are shipped SUID with most FreeBSD
> implementations.  THESE MUST BE RECOMPILED ALSO!
> 
> Make very, very sure you don't have any old SUID executables laying around.
> If you do, you're vulnerable even with a libc fix.

Thanks, I am aware of this.  The package will include replacement static 
suid binaries.

Cheers,

Danny