From: Tom Samplonius
To: Yen-Wei Liu
cc: security@freebsd.org
Date: Fri, 22 Sep 1995 20:34:33 -0700 (PDT)
Subject: Re: cron 3.0pl1-20: URGENT SECURITY FIX (fwd) from Linux-security
In-Reply-To: <199509231008.KAA19544@psi.wsl.sinica.edu.tw>

On Sat, 23 Sep 1995, Yen-Wei Liu wrote:

> Hi,
>
> The following message comes from linux-security mailing list. Actually
> this message just reminds me of two issues:
>
> 1) That mailing list has a fairly high traffic. Compared with it, FreeBSD
> security is much more silent. Does this mean FreeBSD is more secure,
> or Linux is more vulnerable? (Didn't mean to offend any OS.)

Who's to say? If there are holes, no one's found them, or they aren't there.

> 2) Is there anybody subscribing to the mailing list too? They have
> discussed several security issues, such as this cron vulnerability.
> Does FreeBSD suffer the same vulnerabilities as Linux does?

Often not. FreeBSD comes out of the BSD4.4 lite code release which has been beaten on for years.

FreeBSD does not appear to be affected by this bug. I just had cron run "groups" and I received an e-mail message showing my groups, rather than root's groups.

Tom
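
Added example (not part of the original message): the check described above, running `groups` from cron and reading the mailed output, written as a script that a user's crontab entry can call. It compares the job's own group IDs (`id -G`) with the ones the account database grants (`id -G user`); the function names, the `--check` argument and the script path in the comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report group IDs a cron job holds that the account
# database does not grant to the job's user.
# Hypothetical crontab entry (cron mails the output to the user):
#   */30 * * * * /usr/local/libexec/cron-groups-check.sh --check

# extra_groups PROC_GIDS DB_GIDS
# Prints, space-separated, each GID in PROC_GIDS that is absent from DB_GIDS.
extra_groups() {
    extra=""
    for g in $1; do
        case " $2 " in
            *" $g "*) ;;                       # granted by the account database
            *) extra="${extra:+$extra }$g" ;;  # held by the process only
        esac
    done
    printf '%s\n' "$extra"
}

# check_job_groups
# Compares the running process's credentials with the database lookup.
check_job_groups() {
    user=$(id -un)          # effective user name of this job
    proc=$(id -G)           # group IDs the process actually holds
    db=$(id -G "$user")     # group IDs the database lists for the user
    leaked=$(extra_groups "$proc" "$db")
    if [ -n "$leaked" ]; then
        echo "WARNING: job for $user holds unexpected GIDs: $leaked"
        return 1
    fi
    echo "OK: job for $user holds only its own GIDs: $proc"
}

# Run the live check only when asked, so the functions can be sourced alone.
if [ "${1:-}" = "--check" ]; then
    check_job_groups
fi
```

A WARNING line listing GID 0 or other groups the user was never given corresponds to the case where the job shows root's groups instead of the user's.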