From owner-freebsd-security  Sat Apr 13 10: 6:55 2002
Delivered-To: freebsd-security@freebsd.org
Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130])
	by hub.freebsd.org (Postfix) with SMTP id 8953537B41B
	for <security@freebsd.org>; Sat, 13 Apr 2002 10:06:37 -0700 (PDT)
Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com
          via smtpd (for hub.FreeBSD.org [216.136.204.18]) with SMTP; 13 Apr 2002 17:05:30 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4])
	by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id NAA12905
	for <security@freebsd.org>; Sat, 13 Apr 2002 13:05:21 -0400 (EDT)
Received: from spirit.dynas.se (localhost [127.0.0.1])
	by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with SMTP id g3DH6ct10238
	for <security@freebsd.org>; Sat, 13 Apr 2002 13:06:38 -0400 (EDT)
Received: (qmail 18992 invoked from network); 13 Apr 2002 17:06:32 -0000
Received: from explorer.rsa.com (HELO mikko.rsa.com) (10.81.217.59)
  by spirit.st.se.eu.rsa.net with SMTP; 13 Apr 2002 17:06:32 -0000
Received: (from mikko@localhost)
	by mikko.rsa.com (8.11.6/8.11.6) id g3DH6T117776;
	Sat, 13 Apr 2002 10:06:29 -0700 (PDT)
	(envelope-from mikko)
Date: Sat, 13 Apr 2002 10:06:29 -0700 (PDT)
From: Mikko Tyolajarvi <mikko@dynas.se>
Message-Id: <200204131706.g3DH6T117776@mikko.rsa.com>
To: cmr@iisc.com
Cc: security@freebsd.org
Orig-To: "Charles M. Richmond" <cmr@iisc.com>
Subject: Re: [Corrected message] This OpenBSD local root hole may affect some FreeBSD systems 
Newsgroups: local.freebsd.security
References: Your message of "Thu, 11 Apr 2002 23:58:03 MDT."              <4.3.2.7.2.20020411235129.00ba5bc0@nospam.lariat.org>  <200204121134.HAA23582@koibito.iisc.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

In local.freebsd.security you write:


>Up-to-date patched Solaris 8:

>amaterasu $ pwd
>/export/home/cmr
>amaterasu $ echo "~\!touch foo" | mail cmr
>amaterasu $ ls -l foo
>foo: No such file or directory
>amaterasu $ ls -l /usr/bin/mail
>-r-x--s--x   1 root     mail       61080 Mar  6 18:01 /usr/bin/mail

>Up-to-date patched Solaris 7

>taiyou $ pwd
>/export/home/cmr
>taiyou $ echo "~\!touch foo" | mail cmr
>taiyou $ ls -l foo
>foo: No such file or directory
>taiyou $ ls -l /usr/bin/mail
>-r-x--s--x   1 bin      mail       66796 Mar  1 18:14 /usr/bin/mail

Try "mailx" or /usr/ucb/mail...

   $.02,
   /Mikko
-- 
 Mikko Työläjärvi_______________________________________mikko@rsasecurity.com
 RSA Security

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message