From owner-freebsd-security  Thu Dec 16 10:28:31 1999
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP id 1E67415633
	for <freebsd-security@FreeBSD.ORG>; Thu, 16 Dec 1999 10:28:25 -0800 (PST)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.9.3/8.9.3) with ESMTP id LAA82380;
	Thu, 16 Dec 1999 11:28:22 -0700 (MST)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id LAA72864; Thu, 16 Dec 1999 11:28:21 -0700 (MST)
Message-Id: <199912161828.LAA72864@harmony.village.org>
To: Spidey <beaupran@iro.umontreal.ca>
Subject: Re: From BugTraq - FreeBSD 3.3 xsoldier root exploit (fwd) 
Cc: Robert Watson <robert+freebsd@cyrus.watson.org>,
	Chris England <cengland@obscurity.org>, freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Thu, 16 Dec 1999 13:27:15 EST."
		<14425.12035.757889.422296@anarcat.dyndns.org> 
References: <14425.12035.757889.422296@anarcat.dyndns.org>  <199912160615.XAA69151@harmony.village.org> <Pine.BSF.3.96.991216091552.26813A-100000@fledge.watson.org> 
Date: Thu, 16 Dec 1999 11:28:21 -0700
From: Warner Losh <imp@village.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <14425.12035.757889.422296@anarcat.dyndns.org> Spidey writes:
: The patch fixes the exploit, not the suid bit.

Yes.  I'm starting to think that a blanket policy of not setuid root
games might not be a bad idea.

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message