Date: Fri, 17 May 1996 01:26:43 -0700 (PDT)
From: invalid opcode
To: "Jordan K. Hubbard"
cc: freebsd-security@freebsd.org, security-officer@freebsd.org
Subject: Re: very bad
In-Reply-To: <13470.832320504@time.cdrom.com>
Sender: owner-security@freebsd.org

On Fri, 17 May 1996, Jordan K. Hubbard wrote:

> Ow! :-(
>
> Thanks for reporting this!
>
> You know though, for ones this bad I'd really rather you sent the
> message to security-officer@freebsd.org rather than freebsd-security
> in the future. There are easily over 1000 people on this list and you
> just announced a cookbook method for any shell account user to go root
> on a FreeBSD based ISP box; hardly the kind of information one would
> want to see widely circulated without a prepared fix, at the
> least. :-(
>
> Jordan

Too bad it's already on BUGTRAQ and BoS which is way more than 1000 :-(
And I would have sent it to security-officer@freebsd.org had I even
known of such an address. The prepared fix is chmod u-s /sbin/mount_union.

== Chris Layne ======================================== Nervosa Computing ==
== coredump@nervosa.com ================ http://www.nervosa.com/~coredump ==