From owner-freebsd-security Thu Aug 26 10:32:20 1999 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 599E614E90; Thu, 26 Aug 1999 10:32:15 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id LAA85117; Thu, 26 Aug 1999 11:32:15 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id LAA65999; Thu, 26 Aug 1999 11:33:30 -0600 (MDT) Message-Id: <199908261733.LAA65999@harmony.village.org> To: Mike Tancsa Subject: Re: New exploit ? Patch ? (from BUGTRAQ Aug26 1999) Cc: freebsd-security@FreeBSD.ORG, security-officer@FreeBSD.ORG In-reply-to: Your message of "Thu, 26 Aug 1999 12:55:00 EDT." <3.0.5.32.19990826125500.01d258a0@staff.sentex.ca> References: <3.0.5.32.19990826125500.01d258a0@staff.sentex.ca> Date: Thu, 26 Aug 1999 11:33:30 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The quick and dirty workaround for this would be to move /usr/sbin/periodic to /usr/sbin/periodic.bin. Replace /usr/sbin/periodic with #!/bin/sh limits -c 0 /usr/sbin/periodic.bin $* Both the bug in the fts library and the dumping to core dumps through symbolic links which together conspire to have this bug are being fixed and there should be real commits soon. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message