From owner-freebsd-hackers  Tue May 21 17:43:02 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id RAA19190
          for hackers-outgoing; Tue, 21 May 1996 17:43:02 -0700 (PDT)
Received: from lynx.its.unimelb.edu.au (lynx.its.unimelb.EDU.AU [128.250.20.151])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id RAA19166
          for <freebsd-hackers@freebsd.org>; Tue, 21 May 1996 17:42:47 -0700 (PDT)
Received: (from danny@localhost) by lynx.its.unimelb.edu.au (8.6.11/8.6.9) id KAA17436; Wed, 22 May 1996 10:41:11 +1000
Date: Wed, 22 May 1996 10:41:10 +1000 (EST)
From: "Daniel O'Callaghan" <danny@lynx.its.unimelb.edu.au>
To: Dan Polivy <danp@library.pride.net>
cc: freebsd-hackers@freebsd.org
Subject: Re: SECURITY BUG in FreeBSD (fwd)
In-Reply-To: <Pine.BSF.3.91.960517190355.230C-100000@library.pride.net>
Message-ID: <Pine.BSI.3.91.960522103923.17222C-100000@lynx.its.unimelb.edu.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk



On Fri, 17 May 1996, Dan Polivy wrote:

> FreeBSD has a security hole...
> dangerous is mount_union if suid is set
> vulnerable systems are: FreeBSD 2.1 RELEASE/2.2 CURRENT
> probably FreeBSD 2.1 STABLE is not vulnerable

2.0.5-RELEASE has /sbin/mount_union as 4755.  I'm not going to test it 
on a live system, but since I don't use the command, I rm'ed it.

Anyone tested 2.0.5?

Danny