From owner-freebsd-security  Tue Nov 19 10:06:36 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id KAA21110
          for security-outgoing; Tue, 19 Nov 1996 10:06:36 -0800 (PST)
Received: from precipice.shockwave.com (ppp-206-170-5-143.rdcy01.pacbell.net [206.170.5.143])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA21105;
          Tue, 19 Nov 1996 10:06:30 -0800 (PST)
Received: from shockwave.com (localhost.shockwave.com [127.0.0.1]) by precipice.shockwave.com (8.8.2/8.7.3) with ESMTP id KAA18076; Tue, 19 Nov 1996 10:05:49 -0800 (PST)
Message-Id: <199611191805.KAA18076@precipice.shockwave.com>
To: cschuber@uumail.gov.bc.ca
cc: security-officer@freebsd.org, freebsd-security@freebsd.org
Subject: Re: Futile rexecd holes 
In-reply-to: Your message of "Tue, 19 Nov 1996 07:53:27 PST."
             <199611191553.HAA00979@cwsys.cwent.com> 
Date: Tue, 19 Nov 1996 10:05:49 -0800
From: Paul Traina <pst@shockwave.com>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Thanks for the heads up, I've just made similar patches to -current and
requested their incorporation into both release branches.  This fix will
not make 2.1.6, but will make the 2.1.6 "service pack update" (hah) and
2.2.

Since FreeBSD ships with rexecd disabled, I don't consider this a critical
issue, however we will cut an SA in the next week or so (if I ever have a
free moment again).

Paul