Date: Wed, 12 Aug 1998 20:52:27 -0600 From: Brett Glass <brett@lariat.org> To: ben@efn.org, andrewr <andrewr@slack.net> Cc: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, Marc Slemko <marcs@znep.com>, "Mark J. Taylor" <mtaylor@cybernet.com>, freebsd-security@FreeBSD.ORG Subject: Re: Possible security "risk" in ftp client Message-ID: <199808130258.UAA06194@lariat.lariat.org> In-Reply-To: <Pine.BSF.3.96.980812134552.20149A-100000@Tyr.office.EFN.or g> References: <Pine.NEB.3.96.980811213226.17677B-100000@brooklyn.slack.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Commit this, sez I. It looks good. --Brett At 02:42 PM 8/12/98 -0700, Ben wrote: >For ps I made a patch that allows only root(or wheel, you pick) to use the >flag '-a', otherwise the user attempting to use '-a' only gets his/her proc's. > >Available at: >http://www.efn.org/~ben/ps/diff.txt > For the diff between the 2.2.7-RELEASE ps.c and mine. > (/usr/src/bin/ps.c) >http://www.efn.org/~ben/ps/results.txt > Demonstration of it in action. >http://www.efn.org/~ben/ps/ps.c >http://www.efn.org/~ben/ps/ps.old.c > My ps.c and the old ps.c. >http://www.efn.org/~ben/ps/ps.root.gz >http://www.efn.org/~ben/ps/ps.wheel.gz > Binaries for 2.2.7 that allow only root, or wheel to use the > -a flag correctly. > >> >> Andrew > > -ben@efn.org EFN News Administrator. > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199808130258.UAA06194>