From owner-freebsd-security  Tue Mar 11 10:22:12 2003
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 4436F37B405; Tue, 11 Mar 2003 10:22:09 -0800 (PST)
Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 486B143F75; Tue, 11 Mar 2003 10:22:06 -0800 (PST)
	(envelope-from nectar@celabo.org)
Received: from madman.celabo.org (madman.celabo.org [10.0.1.111])
	by gw.nectar.cc (Postfix) with ESMTP
	id D38A44D; Tue, 11 Mar 2003 12:22:05 -0600 (CST)
Received: by madman.celabo.org (Postfix, from userid 1001)
	id B9C6378C44; Tue, 11 Mar 2003 12:22:05 -0600 (CST)
Date: Tue, 11 Mar 2003 12:22:05 -0600
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: David O'Brien <obrien@FreeBSD.org>
Cc: Christopher Schulte <schulte+freebsd@nospam.schulte.org>,
	Guy Poizat <guy@device.dyndns.org>, freebsd-security@FreeBSD.org
Subject: Re: Prov. patch for the file hole ISS disclosed
Message-ID: <20030311182205.GA57362@madman.celabo.org>
Mail-Followup-To: "Jacques A. Vidrine" <nectar@FreeBSD.org>,
	David O'Brien <obrien@FreeBSD.org>,
	Christopher Schulte <schulte+freebsd@nospam.schulte.org>,
	Guy Poizat <guy@device.dyndns.org>, freebsd-security@FreeBSD.org
References: <200303061415.h26EFlhD004317@device.dyndns.org> <200303061415.h26EFlhD004317@device.dyndns.org> <5.2.0.9.2.20030311113159.0386fea0@localhost> <20030311174126.GA57179@madman.celabo.org> <20030311181452.GA59655@dragon.nuxi.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030311181452.GA59655@dragon.nuxi.com>
X-Url: http://www.celabo.org/
User-Agent: Mutt/1.5.3i-ja.1
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Tue, Mar 11, 2003 at 10:14:52AM -0800, David O'Brien wrote:
> On Tue, Mar 11, 2003 at 11:41:27AM -0600, Jacques A. Vidrine wrote:
> > On Tue, Mar 11, 2003 at 11:34:40AM -0600, Christopher Schulte wrote:
> > > I think this should be merged into the security branches,
> > > due to possible remote exploit by third party programs that
> > > use file, such as (at the very least) amavis.
> > 
> > I tend to agree.
> > 
> > David?
> 
> Up to you.  I'm going to do an MFC for 4.8.  

Good, thanks!

> I am not very well setup to
> test the security branches.  

Oops, I didn't read very carefully.  I was talking about -STABLE only.

> Do you want me to just MFC exactly what I
> committed to 5-CURRENT to the 5_0 branch (it should Just Work).  Same for
> the 4_7 branch.

No, I do not wish the new `file' to be merged into the security
branches.

Cheers,
-- 
Jacques A. Vidrine <nectar@celabo.org>          http://www.celabo.org/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message