From owner-freebsd-security Thu Dec 16 8:13: 7 1999 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id E084B153EF for ; Thu, 16 Dec 1999 08:13:04 -0800 (PST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id JAA81816; Thu, 16 Dec 1999 09:13:03 -0700 (MST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id JAA71988; Thu, 16 Dec 1999 09:12:59 -0700 (MST) Message-Id: <199912161612.JAA71988@harmony.village.org> To: Robert Watson Subject: Re: From BugTraq - FreeBSD 3.3 xsoldier root exploit (fwd) Cc: Chris England , freebsd-security@FreeBSD.ORG In-reply-to: Your message of "Thu, 16 Dec 1999 09:18:00 EST." References: Date: Thu, 16 Dec 1999 09:12:59 -0700 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message Robert Watson writes: : So, I'm sorry, could you be specific here: was this problem reported to : security-officer@freebsd.org, or reported via a send-pr, or not reported : to us? The problem was reported to so twice. Once about a week ago, and then again just before the posting to bugtraq. The first post hit while everybody was swamped, so nothing happened. The second post was to SO just before it hit bugtraq from the bugtraq moderator and I just at that moment happened to have a free 10 minutes to look at it. : Would it be feasible for someone to go disable setuid bits in all the : games/ tree? :-) Why was xsoldier setuid? No clue why it was suid. Likely a silly high score file. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message