Date: Thu, 10 Aug 2000 21:33:54 -0600 From: Warner Losh <imp@village.org> To: Kris Kennaway <kris@FreeBSD.ORG> Cc: "Vladimir Mencl, MK, susSED" <mencl@nenya.ms.mff.cuni.cz>, freebsd-security@FreeBSD.ORG Subject: Re: suidperl exploit Message-ID: <200008110333.VAA31525@harmony.village.org> In-Reply-To: Your message of "Thu, 10 Aug 2000 14:36:25 PDT." <Pine.BSF.4.21.0008101434470.54452-100000@freefall.freebsd.org> References: <Pine.BSF.4.21.0008101434470.54452-100000@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <Pine.BSF.4.21.0008101434470.54452-100000@freefall.freebsd.org> Kris Kennaway writes: : I believe FreeBSD to be safe from this particular misfeature - FreeBSD's : mail(1) program lives in another location, as already noted, and I don't : even know if it supports the required features to exploit it. We do support getting variables from the environment in our mail. We need to look into all the implications. Of course, most programs on the system use sendmail directly. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200008110333.VAA31525>