Date: Thu, 16 Dec 1999 13:37:17 -0500 (EST) From: Spidey <beaupran@iro.umontreal.ca> To: Warner Losh <imp@village.org> Cc: Robert Watson <robert+freebsd@cyrus.watson.org>, Chris England <cengland@obscurity.org>, freebsd-security@FreeBSD.ORG Subject: Re: From BugTraq - FreeBSD 3.3 xsoldier root exploit (fwd) Message-ID: <14425.12637.308602.637788@anarcat.dyndns.org> References: <14425.12035.757889.422296@anarcat.dyndns.org> <199912160615.XAA69151@harmony.village.org> <Pine.BSF.3.96.991216091552.26813A-100000@fledge.watson.org> <199912161828.LAA72864@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Yes. Since I've been looking at setuid's on FBSD, my primary concern's been with the ports. I wished there could be some way to have a variable in the Makefiles that say "NOSETUID=3DYES". :)) We should make a a definite list of all the setuid's in the whole port tree. Maybe the port maintainers can give a hand? Darn.. d=E9j=E0 vu...=20 --- Big Brother told Warner Losh to write, at 11:28 of December 16: > In message <14425.12035.757889.422296@anarcat.dyndns.org> Spidey writ= es: > : The patch fixes the exploit, not the suid bit. >=20 > Yes. I'm starting to think that a blanket policy of not setuid root > games might not be a bad idea. >=20 > Warner >=20 >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message --=20 Si l'image donne l'illusion de savoir C'est que l'adage pretend que pour croire, L'important ne serait que de voir Lofofora To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14425.12637.308602.637788>