Date: Wed, 4 Aug 1999 10:58:50 +0930 (CST)
From: Greg Lewis <glewis@ares.maths.adelaide.edu.au>
To: Seth <seth@freebie.dp.ny.frb.org>
Cc: security@FreeBSD.ORG
Subject: Re: chflags() [heads up] (fwd)
Message-ID: <199908040128.KAA65877@ares.maths.adelaide.edu.au>
In-Reply-To: <Pine.BSF.4.10.9908031217560.39607-100000@freebie.dp.ny.frb.org> from Seth at "Aug 3, 1999 12:18:18 pm"

> FYI... this hit bugtraq today.
>
> SB
>
> ---------- Forwarded message ----------
> Date: Sun, 01 Aug 1999 19:20:45 +0300
> From: Adam Morrison <adam@XPERT.COM>
> To: BUGTRAQ@SECURITYFOCUS.COM
> Subject: chflags() [heads up]
>
> From the OpenBSD change logs:
>
> RCS file: /cvs/src/sys/kern/vfs_syscalls.c,v
> ----------------------------
> revision 1.59
> date: 1999/07/30 18:27:47; author: deraadt; state: Exp; lines: +20 -1
> do not permit regular users to chflags/fchflags on chr or blk devices --
> even if they happen to own them at the moment.
>
> NetBSD-current has this fixed as of the following revision of
> vfs_syscalls.c.
>
> $NetBSD: vfs_syscalls.c,v 1.146 1999/07/31 03:18:43 christos
>
> From quick inspection, FreeBSD appears to be vulnerable.

Already fixed by the looks of it :)

1.112.2.4 Mon Aug 2 21:37:25 1999 UTC by imp
Branch: RELENG_3
MFC: 1.126 only root sets flags on devices

1.126 Mon Aug 2 21:34:46 1999 UTC by imp
Only allow root to set file flags on devices.

-- 
Greg Lewis                      glewis@trc.adelaide.edu.au
Computing Officer               +61 8 8303 5083
Teletraffic Research Centre

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message