Date: Tue, 10 Jun 1997 11:08:35 -0600
From: Warner Losh <imp@village.org>
To: Matthias Buelow <token@wicx50.informatik.uni-wuerzburg.de>
Cc: ghelmer@cs.iastate.edu (Guy Helmer), freebsd-security@freebsd.org
Subject: Re: Security problem with FreeBSD 2.2.1 default installation
Message-ID: <E0wbUPM-0001GK-00@rover.village.org>
In-Reply-To: Your message of "Tue, 03 Jun 1997 18:51:42 +0200." <199706031651.SAA24768@wicx20.informatik.uni-wuerzburg.de>
References: <199706031651.SAA24768@wicx20.informatik.uni-wuerzburg.de>
In message <199706031651.SAA24768@wicx20.informatik.uni-wuerzburg.de> Matthias Buelow writes:
: I was already wondering when I freshly installed 2.1.5 half a year ago that
: sperl 4.x was still setuid (I remember that Perl's unsafety was already
: known at least when I was still running 2.1.0 and I also remember some old
: CERT advisories mentioning freebsd ages ago). Since then it has become
: routine for me to chmod 0 sperl/setuidperl etc. and I'm really wondering
: how there could be people left who don't know of that ancient hole? I mean,
: even some of my clueless Linux friends know about the sperl vulnerability. ;)

I'm pretty sure it wasn't that ancient hole, but rather a newer one
that was a buffer overflow. The ancient hole was different and fixed,
if memory serves correctly.

Warner