Date: Thu, 02 Nov 2000 06:28:28 -0800 From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> To: Chris Faulhaber <jedgar@fxp.org> Cc: James Wyatt <jwyatt@rwsystems.net>, Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, freebsd-security@FreeBSD.ORG Subject: Re: vulnerability in mail.local (fwd) Message-ID: <200011021428.eA2ESvl34243@cwsys.cwsent.com> In-Reply-To: Your message of "Thu, 02 Nov 2000 09:21:24 EST." <20001102092124.A57009@peitho.fxp.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20001102092124.A57009@peitho.fxp.org>, Chris Faulhaber writes: > On Thu, Nov 02, 2000 at 08:16:33AM -0600, James Wyatt wrote: > > On Thu, 2 Nov 2000, Chris Faulhaber wrote: > > > On Thu, Nov 02, 2000 at 05:41:49AM -0800, Cy Schubert - ITSD Open Systems > Group wrote: > > > > Looks like we could be vulnerable too. > > > mail.local(8) is not longer suid by default. > > > > As of when? > > > > According to: > > http://www.freebsd.org/cgi/cvsweb.cgi/src/libexec/mail.local/Makefile > > Revision 1.10.2.4 ... Thu Oct 19 21:15:55 2000 UTC (13 days, 17 hours ago) by > gshapiro > MFC: mail.local(8) is no longer installed as a set-user-id binary. > > Revision 1.13 ... Tue Oct 10 18:12:30 2000 UTC (3 weeks, 1 day ago) by gshapi > ro > mail.local(8) is no longer installed as a set-user-id binary. I would think that there is still a non-privileged user exploit. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200011021428.eA2ESvl34243>