Date: Thu, 16 Dec 1999 09:18:00 -0500 (EST) From: Robert Watson <robert@cyrus.watson.org> To: Warner Losh <imp@village.org> Cc: Chris England <cengland@obscurity.org>, freebsd-security@FreeBSD.ORG Subject: Re: From BugTraq - FreeBSD 3.3 xsoldier root exploit (fwd) Message-ID: <Pine.BSF.3.96.991216091552.26813A-100000@fledge.watson.org> In-Reply-To: <199912160615.XAA69151@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 15 Dec 1999, Warner Losh wrote: > In message <Pine.BSO.4.10.9912152030130.29021-100000@obscurity.org> Chris England writes: > : I personally have not tested this. I'm not too big on games, but I would > : recommend anyone who has this game installed suid-root to test the snippet > : code against it and post the results to this list. > > The bugtraq guys forwarded the report to SO before they sent it to > bugtraq. We had it fixed within a couple of hours (and it would have > been faster if we weren't in ports freeze). So, I'm sorry, could you be specific here: was this problem reported to security-officer@freebsd.org, or reported via a send-pr, or not reported to us? Would it be feasible for someone to go disable setuid bits in all the games/ tree? :-) Why was xsoldier setuid? Thanks, Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.991216091552.26813A-100000>