From owner-freebsd-security  Sat Jul 17  5:14:14 1999
Delivered-To: freebsd-security@freebsd.org
Received: from axl.noc.iafrica.com (axl.noc.iafrica.com [196.31.1.175])
	by hub.freebsd.org (Postfix) with ESMTP id 6998B14CBF
	for <freebsd-security@freebsd.org>; Sat, 17 Jul 1999 05:13:47 -0700 (PDT)
	(envelope-from sheldonh@axl.noc.iafrica.com)
Received: from sheldonh (helo=axl.noc.iafrica.com)
	by axl.noc.iafrica.com with local-esmtp (Exim 3.02 #1)
	id 115TJV-000O5t-00; Sat, 17 Jul 1999 14:11:33 +0200
From: Sheldon Hearn <sheldonh@uunet.co.za>
To: Paulo Fragoso <paulo@nlink.com.br>
Cc: Matthew Dillon <dillon@apollo.backplane.com>,
	freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD exploit? 
In-reply-to: Your message of "Sat, 17 Jul 1999 08:55:28 -0300."
             <Pine.BSF.3.96.990717084540.29894B-100000@mirage.nlink.com.br> 
Date: Sat, 17 Jul 1999 14:11:32 +0200
Message-ID: <92620.932213492@axl.noc.iafrica.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org



On Sat, 17 Jul 1999 08:55:28 -0300, Paulo Fragoso wrote:

> I thought it was more dangerous, because the article is classified
> "remote", and someone can remotely use to afsect another system.

I think that's a mistake. Since the exploit "allows any user to bypass
rlimits", a login is implied. Also, the code provided must be run on the
host in question.

Ciao,
Sheldon.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message