From owner-freebsd-security Tue Aug 3 18:29:25 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ares.maths.adelaide.edu.au (Ares.maths.adelaide.edu.au [129.127.44.147])
    by hub.freebsd.org (Postfix) with ESMTP id B43F914DBC
    for ; Tue, 3 Aug 1999 18:29:19 -0700 (PDT)
    (envelope-from glewis@ares.maths.adelaide.edu.au)
Received: (from glewis@localhost)
    by ares.maths.adelaide.edu.au (8.9.3/8.9.3) id KAA65877;
    Wed, 4 Aug 1999 10:58:50 +0930 (CST)
    (envelope-from glewis)
From: Greg Lewis
Message-Id: <199908040128.KAA65877@ares.maths.adelaide.edu.au>
Subject: Re: chflags() [heads up] (fwd)
In-Reply-To: from Seth at "Aug 3, 1999 12:18:18 pm"
To: Seth
Date: Wed, 4 Aug 1999 10:58:50 +0930 (CST)
Cc: security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL56 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> FYI... this hit bugtraq today.
>
> SB
>
> ---------- Forwarded message ----------
> Date: Sun, 01 Aug 1999 19:20:45 +0300
> From: Adam Morrison
> To: BUGTRAQ@SECURITYFOCUS.COM
> Subject: chflags() [heads up]
>
> From the OpenBSD change logs:
>
> RCS file: /cvs/src/sys/kern/vfs_syscalls.c,v
> ----------------------------
> revision 1.59
> date: 1999/07/30 18:27:47; author: deraadt; state: Exp; lines: +20 -1
> do not permit regular users to chflags/fchflags on chr or blk devices --
> even if they happen to own them at the moment.
>
> NetBSD-current has this fixed as of the following revision of
> vfs_syscalls.c.
>
> $NetBSD: vfs_syscalls.c,v 1.146 1999/07/31 03:18:43 christos
>
> From quick inspection, FreeBSD appears to be vulnerable.

Already fixed by the looks of it :)

1.112.2.4 Mon Aug 2 21:37:25 1999 UTC by imp
Branch: RELENG_3
MFC: 1.126 only root sets flags on devices

1.126 Mon Aug 2 21:34:46 1999 UTC by imp
Only allow root to set file flags on devices.

-- 
Greg Lewis                      glewis@trc.adelaide.edu.au
Computing Officer               +61 8 8303 5083
Teletraffic Research Centre