From owner-freebsd-ports Wed Oct 23 19:58:17 1996 Return-Path: owner-ports Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id TAA02418 for ports-outgoing; Wed, 23 Oct 1996 19:58:17 -0700 (PDT) Received: from relay.nuxi.com (nuxi.cs.ucdavis.edu [128.120.56.38]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id TAA02408 for ; Wed, 23 Oct 1996 19:58:13 -0700 (PDT) Received: (from obrien@localhost) by relay.nuxi.com (8.7.5/8.6.12) id TAA15205; Wed, 23 Oct 1996 19:58:30 -0700 (PDT) Message-Id: <199610240258.TAA15205@relay.nuxi.com> Date: Wed, 23 Oct 1996 19:58:29 -0700 From: obrien@NUXI.cs.ucdavis.edu (David E. O'Brien) To: freebsd-ports@FreeBSD.ORG Subject: Re: ports/1792: new port, splitvt References: <199610222106.OAA27196@dog.farm.org> <199610230345.UAA10803@relay.nuxi.com> <199610230933.LAA18519@keltia.freenix.fr> X-Mailer: Mutt 0.48.1-PL0 Mime-Version: 1.0 X-PGP-Fingerprint: B7 4D 3E E9 11 39 5F A3 90 76 5D 69 58 D9 98 7A X-Pgp-Keyid: 34F9F9D5 In-Reply-To: <199610230933.LAA18519@keltia.freenix.fr>; from Ollivier Robert on Oct 23, 1996 11:33:36 +0200 Sender: owner-ports@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Ollivier Robert writes: > > Beware that splitvt was the target for a CERT advisory because one of the > version had a security hole you could drive a PPro running Linux through > (splitvt originated on Linux). > > The latest version has this fixed but we probably should read the code > carefully as it has to be setuid root... It is still useful w/o setuid root: relay:~> ll /usr/local/bin/splitvt -r-xr-xr-x 1 bin bin 40960 Oct 13 18:02 /usr/local/bin/splitvt* Because of the Cert advisory, I explicitly didn't make this setuid root. I may change that after sitting down with the Author (he is an undergrad in my department) and going over the code. -- -- David (obrien@cs.ucdavis.edu)