Date: Tue, 30 Jan 2001 01:09:11 -0500 From: "Brian F. Feldman" <green@FreeBSD.org> To: security@FreeBSD.org Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-01:11.inetd [REVISED] Message-ID: <200101300609.f0U69Cf70017@green.dyndns.org> In-Reply-To: Message from FreeBSD Security Advisories <security-advisories@freebsd.org> of "Mon, 29 Jan 2001 13:06:31 PST." <20010129210631.015E137B698@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Actually, there were two issues. One was that the permissions weren't dropped totally on the way to opening the .fakeid file, and the other was that it was not read in a way that would be guaranteed not to block, so by creating a named pipe, the user could hang an inetd child. I don't remember which was reported and which I discovered as a result of fixing the other, BTW. The advisory really should incorporate at least both issues... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200101300609.f0U69Cf70017>