From owner-freebsd-security Tue Dec 28 15:38:42 1999 Delivered-To: freebsd-security@freebsd.org Received: from mail.HiWAAY.net (fly.HiWAAY.net [208.147.154.56]) by hub.freebsd.org (Postfix) with ESMTP id 83F561551A for ; Tue, 28 Dec 1999 15:38:39 -0800 (PST) (envelope-from sprice@hiwaay.net) Received: from localhost (sprice@localhost) by mail.HiWAAY.net (8.9.3/8.9.0) with ESMTP id RAA24206; Tue, 28 Dec 1999 17:38:37 -0600 (CST) Date: Tue, 28 Dec 1999 17:38:36 -0600 (CST) From: Steve Price To: Spidey Cc: freebsd-security@FreeBSD.ORG Subject: Re: ports/15577: Amanda 2.3.0 runtar program allow any user to run tar as root In-Reply-To: <14441.2614.114877.349074@anarcat.dyndns.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 28 Dec 1999, Spidey wrote: # Hi. # # I don't know if any of you took a look at this PR I made, but I think # it would be a good idea. # # I would like to have your advice on the modifications I am # suggesting. # # Also, it would be urgent to mark the port either as broken or commit # the fix, as, right now, anyone who installs the amanda 2.3 package # from the ports or the packages is very likely to get *wacked* by its # local users. # # Should I have posted this earlier to the list? I thought someone would # have noticed the PR... I noticed the problem report. The 'patch' needs help, but I've almost got something that I think accomplishes the spirit of the PR at least. Look for it to get committed, later tonight. -steve To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message