From owner-freebsd-security  Thu Aug 10 14:36:27 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id C3C5037BA2B; Thu, 10 Aug 2000 14:36:25 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id OAA55604;
	Thu, 10 Aug 2000 14:36:25 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Thu, 10 Aug 2000 14:36:25 -0700 (PDT)
From: Kris Kennaway <kris@FreeBSD.org>
To: "Vladimir Mencl, MK, susSED" <mencl@nenya.ms.mff.cuni.cz>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: suidperl exploit
In-Reply-To: <Pine.GSO.4.10.10008101904060.733-100000@nenya.ms.mff.cuni.cz>
Message-ID: <Pine.BSF.4.21.0008101434470.54452-100000@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 10 Aug 2000, Vladimir Mencl, MK, susSED wrote:

> I just came over the suidperl + mail vulnerability in Linux, and I was
> wondering whether it would work in FreeBSD.

I believe FreeBSD to be safe from this particular misfeature - FreeBSD's
mail(1) program lives in another location, as already noted, and I don't
even know if it supports the required features to exploit it.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message