Date: Tue, 3 Jun 1997 06:23:03 -0400
From: "Brad Bates" <bab@icon.lal.ufl.edu>
To: "Michael Haro" <perl@netmug.org>
Cc: <freebsd-security@freebsd.org>
Subject: Re: Security problem with FreeBSD 2.2.1 default installation
Message-ID: <B0000004668@tangelo.lal.ufl.edu>

Michael,

First, you may want to check-in with the security mail group and keep this out of the question group. See the freebsd-security information on the Support page at the fbsd site nearest you.

Also, most folks would prefer that any security hole, whether real or suspected, not be generally announced until it is dealt with -- if you identify a problem to the right folks they will fix it, and then announce the fix. This helps people with less resources keep their systems secure until the fixes are available, and keeps the less mature of those on the Internet (bad boys & girls) from finding out about something they may have overlooked. The security folks will let you know how to report it, and may want some very specific details.

As for "holes" (bugs) in existing code, well, that's part of life. No system is 100% secure. If you get a chance, take a read of Practical UNIX & Internet Security by Garfinkel & Spafford, or some comparable book to learn more about that.

Thanks for the information, and good luck cleaning up your system.

bab

----------
> From: Michael Haro <perl@netmug.org>
> To: freebsd-questions@FreeBSD.ORG
> Cc: perl@netmug.org
> Subject: Security problem with FreeBSD 2.2.1 default installation
> Date: Monday, June 02, 1997 11:20 PM
>
> Hi, yesterday one of my users gained root access to my system.
> They did it by exploiting a bug in /usr/bin/sperl4*
> Why does FreeBSD ship with a security hole? Is this a new one that you didn't
> know about? How can I remedy the problem? Right now, I deleted the file from
> the server. I am new to FreeBSD and would like to know how to fix it.
>
> Thanks,
> Michael perl@netmug.org