Date: Sun, 9 Nov 2003 03:28:08 -0800 From: Kris Kennaway <kris@obsecurity.org> To: kirt <krs@gaultopia.org> Cc: freebsd-questions@freebsd.org Subject: Re: vulnerability in su? Message-ID: <20031109112808.GA94834@xor.obsecurity.org> In-Reply-To: <20031109012325.GD829@yttrium.gaultopia.org> References: <20031109012325.GD829@yttrium.gaultopia.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--UlVJffcvxoiEqYs2 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Nov 08, 2003 at 08:23:25PM -0500, kirt wrote: > is this a known issue? i didn't search to hard for a fix or anything sin= ce i quickly=20 > fixed it myself, but i thought that a situation like that could make for = some interesting=20 > (read *bad*) situations. It's certainly possible to compromise your system in this way if you incorrectly update your /etc (e.g. by making a mistake with mergemaster). Kris --UlVJffcvxoiEqYs2 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/riTIWry0BWjoQKURApy4AKCo5f1uccuLnLjy4rpCsmw7xCpmtwCg1Y1E Ei9Y8i5NV0ZyUc46Vw5Kues= =zVqx -----END PGP SIGNATURE----- --UlVJffcvxoiEqYs2--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031109112808.GA94834>