Date: Wed, 19 Feb 1997 04:28:55 -0800 From: David Greenman <dg@root.com> To: Reinier Bezuidenhout <rbezuide@oskar.nanoteq.co.za> Cc: jas@flyingfox.COM, security@freebsd.org Subject: Re: Coredumps and setuids .. interesting.. Message-ID: <199702191228.EAA11960@root.com> In-Reply-To: Your message of "Sat, 19 Feb 1997 10:56:11 %2B0200." <199702190856.KAA26329@oskar.nanoteq.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
>Why I posted this is that I though someone said it was fixed in 2.1.6, >but I was wrong since I noticed (tested) it on 2.1.7 and later and >it does NOT work there. It was sort of fixed in 2.1.6 - coredumps of 'normal' setuid programs are prevented, but rlogin is a special case that still could coredump (the original parent can't, but the child it forks can). This was fixed in 2.1.7. >mail it ... but would rather not :) ... but seeing that 2.1.7 >has been released, there is no point in worrying about this anymore >... right ? Right. If people chose not to upgrade to 2.1.7, then they've got bigger security holes to worry about. :-) -DG David Greenman Core-team/Principal Architect, The FreeBSD Project
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702191228.EAA11960>