From owner-freebsd-security Fri Jun 29 4:11: 2 2001 Delivered-To: freebsd-security@freebsd.org Received: from aristotle.tamu.edu (Aristotle.tamu.edu [165.91.161.90]) by hub.freebsd.org (Postfix) with ESMTP id CB28A37B40B for ; Fri, 29 Jun 2001 04:10:52 -0700 (PDT) (envelope-from rasmith@aristotle.tamu.edu) Received: from aristotle.tamu.edu (IDENT:rasmith@localhost [127.0.0.1]) by aristotle.tamu.edu (8.9.3/8.8.7) with ESMTP id GAA32477; Fri, 29 Jun 2001 06:10:42 -0500 Message-Id: <200106291110.GAA32477@aristotle.tamu.edu> To: "Ryan Masse" Cc: "Lanny Baron" , "FreeBSD-Security" Subject: Re: samba vulnerability In-Reply-To: Message from "Ryan Masse" of "Fri, 29 Jun 2001 00:13:01 EDT." <014601c10051$ca88d2c0$3200a8c0@Home> Mime-Version: 1.0 (generated by tm-edit 7.106) Content-Type: text/plain; charset=US-ASCII Date: Fri, 29 Jun 2001 06:10:42 -0500 From: Robin Smith Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org One reason the Samba security advisory about using such things as %m.log as filenames many not have merited a FreeBSD security advisory is that (IIRC) the default config in the FreeBSD samba port (both of them: 2.0 under net/samba and 2.2 under net/samba-devel) has by default used log.%m for machine logfiles for at least a few months now. Of course, if you decided to change the config you could open yourself up again. I'm only guessing about whether this is why there was no freebsd s.a. Robin Smith To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message