Date: Sun, 03 Sep 2000 16:23:22 -0400 From: Jeff Evarts <riventree@earthlink.net> To: lidl@pix.net Subject: What level of bug is worth reporting? Message-ID: <39B2B33A.EC657BD3@earthlink.net>
next in thread | raw e-mail | index | archive | help
Hello, This is really a question about what-level-of-bug-is-worth-reporting. This is what I found: IF ( Obscure-Service-X is turned on in Open/Free/Net-BSD ) [Haven't checked BSD/OS] THEN Any local user can set the access time of any file to the current time Any local user can set the mode of any tty device to rw------, whether it's in use or not ENDIF Both of these seem like potential DOS problems to me, though I cannot think of any way to exploit them to become root or anything, and the code in question has worked the way it does for over 2 years. Is a "problem" like this worth reporting, or does it just make you look like a nitpicker? -Jeff Evarts --riventree@earthlink.net ---http://www.ecst.csuchico.edu/~amarth/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39B2B33A.EC657BD3>