From owner-cvs-all Mon Oct 2 15:45:36 2000
Delivered-To: cvs-all@freebsd.org
Received: from Awfulhak.org (tun.AwfulHak.org [194.242.139.173])
    by hub.freebsd.org (Postfix) with ESMTP id 866BD37B66E;
    Mon, 2 Oct 2000 15:45:27 -0700 (PDT)
Received: from hak.lan.Awfulhak.org (root@hak.lan.awfulhak.org [172.16.0.12])
    by Awfulhak.org (8.11.0/8.11.0) with ESMTP id e92Mf8a73718;
    Mon, 2 Oct 2000 23:41:08 +0100 (BST)
    (envelope-from brian@hak.lan.Awfulhak.org)
Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1])
    by hak.lan.Awfulhak.org (8.11.1/8.11.0) with ESMTP id e92Mdpn25883;
    Mon, 2 Oct 2000 23:39:51 +0100 (BST)
    (envelope-from brian@hak.lan.Awfulhak.org)
Message-Id: <200010022239.e92Mdpn25883@hak.lan.Awfulhak.org>
X-Mailer: exmh version 2.1.1 10/15/1999
To: Robert Watson
Cc: Brian Somers , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, brian@Awfulhak.org
Subject: Re: cvs commit: src/usr.bin/finger finger.c
In-Reply-To: Message from Robert Watson of "Mon, 02 Oct 2000 18:29:26 EDT."
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 02 Oct 2000 23:39:51 +0100
From: Brian Somers
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Yes, I just asked security-officer for advice :-/

> We need to release a security advisory for this. It might be worth
> rerolling 4.1.1-RELEASE, although maybe that's not possible.
>
> Robert N M Watson
>
> robert@fledge.watson.org http://www.watson.org/~robert/
> PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
> TIS Labs at Network Associates, Safeport Network Services
>
> On Mon, 2 Oct 2000, Brian Somers wrote:
>
> > brian 2000/10/02 15:27:34 PDT
> >
> > Modified files:
> > usr.bin/finger finger.c
> > Log:
> > Don't allow finger /somefile, only allow filename expansions from
> > inside /etc/finger.conf
> >
> > PR: 21704
> >
> > Revision  Changes    Path
> > 1.20      +11 -1     src/usr.bin/finger/finger.c

--
Brian
Don't _EVER_ lose your sense of humour !