Date: Wed, 12 Aug 1998 21:01:15 -0400 (EDT) From: andrewr <andrewr@slack.net> To: ben@efn.org Cc: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, Marc Slemko <marcs@znep.com>, "Mark J. Taylor" <mtaylor@cybernet.com>, freebsd-security@FreeBSD.ORG Subject: Re: Possible security "risk" in ftp client Message-ID: <Pine.NEB.3.96.980812210035.27880A-100000@brooklyn.slack.net> In-Reply-To: <Pine.BSF.3.96.980812134552.20149A-100000@Tyr.office.EFN.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 12 Aug 1998, Ben wrote: > For ps I made a patch that allows only root(or wheel, you pick) to use the > flag '-a', otherwise the user attempting to use '-a' only gets his/her proc's. Did you patch the kernel as well? Caue if you didn't, it's useless. > > Available at: > http://www.efn.org/~ben/ps/diff.txt > For the diff between the 2.2.7-RELEASE ps.c and mine. > (/usr/src/bin/ps.c) > http://www.efn.org/~ben/ps/results.txt > Demonstration of it in action. > http://www.efn.org/~ben/ps/ps.c > http://www.efn.org/~ben/ps/ps.old.c > My ps.c and the old ps.c. > http://www.efn.org/~ben/ps/ps.root.gz > http://www.efn.org/~ben/ps/ps.wheel.gz > Binaries for 2.2.7 that allow only root, or wheel to use the > -a flag correctly. > > > > > Andrew > > -ben@efn.org EFN News Administrator. > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96.980812210035.27880A-100000>