From owner-freebsd-questions  Sun Mar 29 22:35:48 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id WAA26123
          for freebsd-questions-outgoing; Sun, 29 Mar 1998 22:35:48 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from gdi.uoregon.edu (gdi.uoregon.edu [128.223.170.30])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA26117
          for <questions@FreeBSD.ORG>; Sun, 29 Mar 1998 22:35:45 -0800 (PST)
          (envelope-from dwhite@gdi.uoregon.edu)
Received: from localhost (dwhite@localhost)
          by gdi.uoregon.edu (8.8.7/8.8.8) with SMTP id WAA23699;
          Sun, 29 Mar 1998 22:35:39 -0800 (PST)
          (envelope-from dwhite@gdi.uoregon.edu)
Date: Sun, 29 Mar 1998 22:35:39 -0800 (PST)
From: Doug White <dwhite@gdi.uoregon.edu>
Reply-To: Doug White <dwhite@resnet.uoregon.edu>
To: unix3@usa.net
cc: questions@FreeBSD.ORG
Subject: Re: your mail
In-Reply-To: <19980329024233.801.qmail@www0a.netaddress.usa.net>
Message-ID: <Pine.BSF.3.96.980329223254.23543T-100000@gdi.uoregon.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, 29 Mar 1998 unix3@usa.net wrote:

> i noticed though that this version (2.2.5) came with
> perl 4. 

2.2.6 just came the other day, btw.

> is this version exploitable to gain root access? or did
> you very well patch it? should i go and change to the 
> newest version? or have you fixed it when it was released?

I don't know if the supplied version is exploitable or not.  Run Perl
scripts suid root is dangerous anyway, and should probably be disabled by
deleteing sperl* from your /usr/bin directory.

> also is there a place where i can get a list of any 
> other out of the box bugs that i should fix? or the patches
> for all of them at once? or something like that?

See http://www.freebsd.org/releases/2.2.5R/errata.html for important
notes, and ftp://ftp.freebsd.org/pub/FreeBSD/CERT/ for any outstanding
security advisories.

Doug White                              | University of Oregon  
Internet:  dwhite@resnet.uoregon.edu    | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite    | Computer Science Major



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message