From owner-freebsd-security Thu Nov 2 6:21:22 2000 Delivered-To: freebsd-security@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id 39FC437B479 for ; Thu, 2 Nov 2000 06:21:20 -0800 (PST) Received: by peitho.fxp.org (Postfix, from userid 1501) id 126811360E; Thu, 2 Nov 2000 09:21:25 -0500 (EST) Date: Thu, 2 Nov 2000 09:21:24 -0500 From: Chris Faulhaber To: James Wyatt Cc: Chris Faulhaber , Cy Schubert - ITSD Open Systems Group , freebsd-security@freebsd.org Subject: Re: vulnerability in mail.local (fwd) Message-ID: <20001102092124.A57009@peitho.fxp.org> Mail-Followup-To: Chris Faulhaber , James Wyatt , Cy Schubert - ITSD Open Systems Group , freebsd-security@freebsd.org References: <20001102085907.C5928@peitho.fxp.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from jwyatt@rwsystems.net on Thu, Nov 02, 2000 at 08:16:33AM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Nov 02, 2000 at 08:16:33AM -0600, James Wyatt wrote: > On Thu, 2 Nov 2000, Chris Faulhaber wrote: > > On Thu, Nov 02, 2000 at 05:41:49AM -0800, Cy Schubert - ITSD Open Systems Group wrote: > > > Looks like we could be vulnerable too. > > mail.local(8) is not longer suid by default. > > As of when? > According to: http://www.freebsd.org/cgi/cvsweb.cgi/src/libexec/mail.local/Makefile Revision 1.10.2.4 ... Thu Oct 19 21:15:55 2000 UTC (13 days, 17 hours ago) by gshapiro MFC: mail.local(8) is no longer installed as a set-user-id binary. Revision 1.13 ... Tue Oct 10 18:12:30 2000 UTC (3 weeks, 1 day ago) by gshapiro mail.local(8) is no longer installed as a set-user-id binary. -- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message