From owner-freebsd-hackers  Sun Sep 14 23:09:20 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id XAA03209
          for hackers-outgoing; Sun, 14 Sep 1997 23:09:20 -0700 (PDT)
Received: from misery.sdf.com (misery.sdf.com [204.244.210.193])
          by hub.freebsd.org (8.8.7/8.8.7) with SMTP id XAA03204
          for <freebsd-hackers@freebsd.org>; Sun, 14 Sep 1997 23:09:17 -0700 (PDT)
Received: from tom by misery.sdf.com with smtp (Exim 1.62 #1)
	id 0xAUGZ-00046H-00; Sun, 14 Sep 1997 23:04:11 -0700
Date: Sun, 14 Sep 1997 23:04:11 -0700 (PDT)
From: Tom <tom@sdf.com>
To: Existence is Futile <nonxstnt@not.of.this.world.engelska.se>
cc: freebsd-hackers@freebsd.org
Subject: Re: Why SPERL? 
In-Reply-To: <Pine.BSF.3.96.970915062637.22299A-100000@krusty.the.clown.engelska.se>
Message-ID: <Pine.BSF.3.95q.970914230329.15270A-100000@misery.sdf.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


On Mon, 15 Sep 1997, Existence is Futile wrote:

...
> Why does even the latest RELENG (that I've used) include sperl4.036? when
> it's a well known way to get root? it came in handy today when some guy
> couldn't su because he wasnt in the wheel group and couldn't login as root
> any other way (being 45 minutes away). But, it's a serious security flaw!
...

  It has been patched for the last month of so now.

Tom