From owner-freebsd-security  Thu Dec 16 13:33:14 1999
Delivered-To: freebsd-security@freebsd.org
Received: from megaweapon.zigg.com (megaweapon.zigg.com [206.114.60.8])
	by hub.freebsd.org (Postfix) with ESMTP id 6418A14EFC
	for <freebsd-security@FreeBSD.ORG>; Thu, 16 Dec 1999 13:32:47 -0800 (PST)
	(envelope-from matt@zigg.com)
Received: from localhost (matt@localhost)
	by megaweapon.zigg.com (8.9.3/8.9.3) with ESMTP id QAA45190;
	Thu, 16 Dec 1999 16:31:18 -0500 (EST)
	(envelope-from matt@zigg.com)
Date: Thu, 16 Dec 1999 16:31:15 -0500 (EST)
From: Matt Behrens <matt@zigg.com>
To: Tim Tsai <tim@futuresouth.com>
Cc: Robert Watson <robert+freebsd@cyrus.watson.org>,
	freebsd-security@FreeBSD.ORG
Subject: Re: From BugTraq - FreeBSD 3.3 xsoldier root exploit (fwd)
In-Reply-To: <19991216152548.A21327@futuresouth.com>
Message-ID: <Pine.BSF.4.21.9912161629420.45027-100000@megaweapon.zigg.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 16 Dec 1999, Tim Tsai wrote:

> How about just:
> 
> HAS_SETUID = {no, user[s]}
> 
> example:
> 
> HAS_SETUID = root
> HAS_SETUID = no
> HAS_SETUID = dialer uucp
> HAS_SETUID = games

I would suggest a slight modification on that, just in case we ever have a
user named ``no'':

HAS_SETUID = {NO, ...}

i.e.

HAS_SETUID = root
HAS_SETUID = NO
etc.

Matt Behrens <matt@zigg.com>
Owner/Administrator, zigg.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE4WVol+xq4JbgNGlMRAuz6AJ96/y4zNlALjOpe5DzjEnsS5Iy0FACeLIwf
5R2UzL/KdPFW3h81iKZO0ck=
=MV2s
-----END PGP SIGNATURE-----



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message