From owner-freebsd-security Mon Dec 23 23:06:36 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id XAA12124 for security-outgoing; Mon, 23 Dec 1996 23:06:36 -0800 (PST) Received: from pdx1.world.net (pdx1.world.net [192.243.32.18]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id XAA12113 for ; Mon, 23 Dec 1996 23:06:34 -0800 (PST) From: proff@suburbia.net Received: from suburbia.net (suburbia.net [203.4.184.1]) by pdx1.world.net (8.7.5/8.7.3) with SMTP id XAA24145 for ; Mon, 23 Dec 1996 23:06:48 -0800 (PST) Received: (qmail 29963 invoked by uid 110); 24 Dec 1996 07:05:24 -0000 Message-ID: <19961224070524.29962.qmail@suburbia.net> Subject: Re: Holes in default cron jobs (fwd) In-Reply-To: from Marc Slemko at "Dec 23, 96 11:01:35 pm" To: marcs@znep.com (Marc Slemko) Date: Tue, 24 Dec 1996 18:05:24 +1100 (EST) Cc: freebsd-security@freebsd.org X-Mailer: ELM [version 2.4ME+ PL28 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > NOTE: anyone running a -stable system should apply something resembling > the patch included below. While some kind soul (hint, hint) may commit > the below change to -stable, it won't have too much effect since few > people reinstall /etc. Anyone running -current should check to be sure > their /etc/security is an updated one. > > On Mon, 23 Dec 1996, Steve Reid wrote: > > > The only problem they mention in FreeBSD is in /etc/security. Rather than > > use the OpenBSD /etc/security, I've copied the tmp file change into > > FreeBSD's /etc/security. > > It is generally better to append a context diff (diff -u; or my > preffered format, -c) instead of the file; regardless of how short it > is, it makes it easier to see what has changed. > > > > > I'm running 2.1.6.1-RELEASE, but the machine was originally a > > 2.1.0-RELEASE... Has the /etc/security been updated since then? My solution to the /tmp/foo problem is: for n in `awk -F: