From owner-freebsd-security  Sun Aug 10 07:23:47 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id HAA22706
          for security-outgoing; Sun, 10 Aug 1997 07:23:47 -0700 (PDT)
Received: from netrail.net (netrail.net [205.215.10.3])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id HAA22701
          for <freebsd-security@FreeBSD.ORG>; Sun, 10 Aug 1997 07:23:43 -0700 (PDT)
Received: from localhost (jonz@localhost)
	by netrail.net (8.8.6/8.8.6) with SMTP id KAA13556;
	Sun, 10 Aug 1997 10:22:54 GMT
Date: Sun, 10 Aug 1997 10:22:53 +0000 (GMT)
From: "Jonathan A. Zdziarski" <jonz@netrail.net>
To: Brian Mitchell <brian@firehouse.net>
cc: bugtraq@netspace.org, freebsd-security@FreeBSD.ORG
Subject: Re: procfs hole
In-Reply-To: <Pine.NEB.3.96.970810052824.3287A-100000@apocalypse.saturn.net>
Message-ID: <Pine.BSF.3.95q.970810102208.13506A-100000@netrail.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

I attempted to run it and got the following trying to run it with 'root'
as the user (even providing the correct password):

Demonstration of 4.4BSD procfs hole
Brian Mitchell <brian@firehouse.net>

after you see "setuid changed", enter the pw for the user
Be warned, searching for the setuid() function takes a long time!
Password:searching - please be patient...
setuid changed (0x8046f64)

_su: Permission denied.

I'm running freebsd 2.2.2

-------------------------------------------------------------------------
Jonathan A. Zdziarski                                NetRail Incorporated
Server Engineering Manager                    230 Peachtree St. Suite 500
jonz@netrail.net                                        Atlanta, GA 30303
http://www.netrail.net                                    (888) - NETRAIL
-------------------------------------------------------------------------