Date: Tue, 03 Aug 1999 12:18:18 -0400 (EDT) From: Seth <seth@freebie.dp.ny.frb.org> To: security@freebsd.org Subject: chflags() [heads up] (fwd) Message-ID: <Pine.BSF.4.10.9908031217560.39607-100000@freebie.dp.ny.frb.org>
next in thread | raw e-mail | index | archive | help
FYI... this hit bugtraq today. SB ---------- Forwarded message ---------- Date: Sun, 01 Aug 1999 19:20:45 +0300 From: Adam Morrison <adam@XPERT.COM> To: BUGTRAQ@SECURITYFOCUS.COM Subject: chflags() [heads up] >From the OpenBSD change logs: RCS file: /cvs/src/sys/kern/vfs_syscalls.c,v ---------------------------- revision 1.59 date: 1999/07/30 18:27:47; author: deraadt; state: Exp; lines: +20 -1 do not permit regular users to chflags/fchflags on chr or blk devices -- even if they happen to own them at the moment. NetBSD-current has this fixed as of the following revision of vfs_syscalls.c. $NetBSD: vfs_syscalls.c,v 1.146 1999/07/31 03:18:43 christos >From quick inspection, FreeBSD appears to be vulnerable. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9908031217560.39607-100000>