From owner-freebsd-security  Fri May 17 02:08:48 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id CAA00323
          for security-outgoing; Fri, 17 May 1996 02:08:48 -0700 (PDT)
Received: from nervosa.com (root@nervosa.com [192.187.228.86])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id CAA00318
          for <freebsd-security@freebsd.org>; Fri, 17 May 1996 02:08:44 -0700 (PDT)
Received: from onyx.nervosa.com (coredump@onyx.nervosa.com [10.0.0.1]) by nervosa.com (8.7.5/8.7.3) with SMTP id CAA22740; Fri, 17 May 1996 02:08:41 -0700 (PDT)
Date: Fri, 17 May 1996 02:08:40 -0700 (PDT)
From: invalid opcode <coredump@nervosa.com>
To: freebsd-security@freebsd.org
cc: jkh@time.cdrom.com
Message-ID: <Pine.BSF.3.91.960517020638.21586C-100000@onyx.nervosa.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

FWIW, I just forwarded the quick fix of chmod u-s /sbin/mount_union and a 
copy of the problem to root@everyone on www.freebsd.org 's gallery of 
freebsd'ers. Considering the bug details have already been posted to 
BUGTRAQ and BoS, there is really nothing you can do after that to stop 
the "bad guys" from hearing about it as they are most definetly on those 
lists.

== Chris Layne ======================================== Nervosa Computing ==
== coredump@nervosa.com ================ http://www.nervosa.com/~coredump ==