Date: Thu, 14 Nov 2002 17:04:30 -0600
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: Kris Kennaway <kris@obsecurity.org>
Cc: Knud Erik Højgaard <knud@skodliv.dk>, ports@freebsd.org, mita@FreeBSD.org
Subject: Re: security problem in /usr/ports/comms/efax
Message-ID: <20021114230430.GA63546@madman.nectar.cc>
In-Reply-To: <20021114224806.GF11972@rot13.obsecurity.org>
References: <039801c28c0d$07d52d70$24029dd9@tuborg> <20021114224806.GF11972@rot13.obsecurity.org>

On Thu, Nov 14, 2002 at 02:48:21PM -0800, Kris Kennaway wrote:
> On Thu, Nov 14, 2002 at 07:38:29PM +0100, Knud Erik Højgaard wrote:
> > ===> SECURITY NOTE:
> > This port has installed the following binaries which execute with
> > increased privileges.
> > 326461 192 -rwsr-xr-x 1 uucp dialer 97432 Nov
> > 14 19:13 /usr/local/bin/efax
[...]
> Thanks for your note. I have marked the port FORBIDDEN for now until
> someone can review and commit your patch.
[...]

Just FYI, this efax application is the same one that is and has been
bundled with KDE's kdeutils package --- or at least they have the same
heritage. The kdeutils package no longer installs efax set-user-ID
since about kdeutils 2.2.2. You can google for `kdeutils efax
security' to find more information. The kdeutils efax may already
have a fix...

Cheers,
-- 
Jacques A. Vidrine <nectar@celabo.org> http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021114230430.GA63546>