From owner-cvs-all Tue Apr 17 1:42: 9 2001 Delivered-To: cvs-all@freebsd.org Received: from ipcard.iptcom.net (ipcard.iptcom.net [212.9.224.5]) by hub.freebsd.org (Postfix) with ESMTP id 0558337B43E; Tue, 17 Apr 2001 01:42:01 -0700 (PDT) (envelope-from sobomax@FreeBSD.org) Received: from vic.sabbo.net (dialup14-45.iptelecom.net.ua [212.9.229.109]) by ipcard.iptcom.net (8.9.3/8.9.3) with ESMTP id LAA14234; Tue, 17 Apr 2001 11:41:55 +0300 (EEST) (envelope-from sobomax@FreeBSD.org) Received: from FreeBSD.org (big_brother.vega.com [192.168.1.1]) by vic.sabbo.net (8.11.3/8.11.2) with ESMTP id f3H8fL759458; Tue, 17 Apr 2001 11:41:21 +0300 (EEST) (envelope-from sobomax@FreeBSD.org) Message-ID: <3ADC01C1.191316BC@FreeBSD.org> Date: Tue, 17 Apr 2001 11:41:37 +0300 From: Maxim Sobolev Organization: Vega International Capital X-Mailer: Mozilla 4.77 [en] (WinNT; U) X-Accept-Language: uk,ru,en MIME-Version: 1.0 To: Kris Kennaway Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: ports/comms/minicom Makefile References: <200104170807.f3H878m78129@freefall.freebsd.org> Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Kris Kennaway wrote: > kris 2001/04/17 01:07:08 PDT > > Modified files: > comms/minicom Makefile > Log: > Mark FORBIDDEN; this port allows a local exploit yielding uid uucp > > Submitted by: empathy@feelings.com Perhaps more appropriate interim solution would be to just lift off setuid bit from the executable instead of marking the whole thing FORBIDDEN. -Maxim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message