Date: Mon, 1 Jul 2002 09:57:19 -0400 From: Chris Johnson <cjohnson@palomine.net> To: Dag-Erling Smorgrav <des@ofug.org> Cc: security@freebsd.org Subject: Re: security risk: ktrace(2) in FreeBSD prior to -current. Message-ID: <20020701135719.GA65770@palomine.net> In-Reply-To: <xzp65zzk2ds.fsf@flood.ping.uio.no> References: <200206301817.EAA05639@caligula.anu.edu.au> <xzp65zzk2ds.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jul 01, 2002 at 03:23:59PM +0200, Dag-Erling Smorgrav wrote:
> Darren Reed <avalon@coombs.anu.edu.au> writes:
> > With OpenSSH 3.4, ssh-keysign gets installed setuid-root.
>
> Not in FreeBSD.
Are you sure?
===> Registering installation for openssh-portable-3.4p1_2
===> SECURITY NOTE:
This port has installed the following binaries which execute with
increased privileges.
95440 296 -rws--x--x 1 root wheel 150996 Jul 1 09:54 /usr/local/libexec/ssh-keysign
Chris Johnson
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020701135719.GA65770>