From owner-freebsd-security  Tue May 13 14:46:38 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id OAA17234
          for security-outgoing; Tue, 13 May 1997 14:46:38 -0700 (PDT)
Received: from wakko.efn.org (wakko.efn.org [198.68.17.6])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA17228
          for <security@freebsd.org>; Tue, 13 May 1997 14:46:35 -0700 (PDT)
Received: from garcia.efn.org (j_mini@garcia.efn.org [198.68.17.5])
	by wakko.efn.org (8.8.5/8.8.5) with ESMTP id OAA10612
	for <security@freebsd.org>; Tue, 13 May 1997 14:45:47 -0700 (PDT)
Received: from localhost (j_mini@localhost)
	by garcia.efn.org (8.8.5/8.8.5) with SMTP id OAA09911
	for <security@freebsd.org>; Tue, 13 May 1997 14:53:44 -0700 (PDT)
X-Authentication-Warning: garcia.efn.org: j_mini owned process doing -bs
Date: Tue, 13 May 1997 14:53:43 -0700 (PDT)
From: Jonathan Mini <j_mini@efn.org>
To: security@freebsd.org
Subject: /usr/sbin/wall is suid root.
Message-ID: <Pine.SUN.3.95.970513145202.9656A-100000@garcia.efn.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

  Personally, I think that being able to transmit an abatrary string of
characters to every user's console on the system is a bit of a security
hole. ANSI keyboard reassignments come to mind.

Jonathan Mini (j_mini@efn.org)

... Desolation ... Despair ... Plastic Forks ...