From owner-freebsd-security Fri Aug 27 14:52:14 1999 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 35BD1156CB for ; Fri, 27 Aug 1999 14:52:08 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id PAA90920; Fri, 27 Aug 1999 15:51:14 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id PAA76258; Fri, 27 Aug 1999 15:52:44 -0600 (MDT) Message-Id: <199908272152.PAA76258@harmony.village.org> To: Ludwig Pummer Subject: Re: [secure@FREEBSD.LUBLIN.PL: FreeBSD (and other BSDs?) local root explot] Cc: freebsd-security@FreeBSD.ORG In-reply-to: Your message of "Fri, 27 Aug 1999 10:00:30 PDT." <37C6C42E.78E600F4@bigfoot.com> References: <37C6C42E.78E600F4@bigfoot.com> <199908261758.KAA94925@burka.rdy.com> <199908271214.JAA00774@ns1.sminter.com.ar> <19990827142016.U79110@bitbox.follo.net> Date: Fri, 27 Aug 1999 15:52:43 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <37C6C42E.78E600F4@bigfoot.com> Ludwig Pummer writes: : It was pointed out yesterday that 3 conditions need to be present for : this to be exploitable, and 2.2.8 doesn't have at least one of the : conditions (core dump won't follow symlinks in 2.2.8). Others have pointed out to me that 2.x will, indeed, follow symlinks. I don't have a system handy that I can test on (all my 2.x systems have core dumps turned off completely because they are on ultra-tiny disks). Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message