Date: Tue, 1 Oct 1996 18:55:28 -0400 (EDT) From: jaeger <jaeger@dhp.com> To: Bill Fenner <fenner@parc.xerox.com> Cc: freebsd-security@freebsd.org Subject: Re: setuid programs in freebsd Message-ID: <Pine.LNX.3.95.961001184942.16445A-100000@dhp.com> In-Reply-To: <96Oct1.110511pdt.177476@crevenia.parc.xerox.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 1 Oct 1996, Bill Fenner wrote:
> Marc,
>
> There are certain programs that have been modified to do the minimum
> required tasks before releasing their setuid-ness, e.g. ping and traceroute
> basically do
>
> main()
> {
> s = socket();
> setuid(getuid());
>
> I've been meaning to do the same to mrinfo & mtrace for quite a long time.
> Perhaps these could be specially labelled in your document?
I believe Theo De Raadt commited those changes to OpenBSD a month or
two ago. Has the FreeBSD core been getting notices on security holes still?
> Bill
>
j.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.95.961001184942.16445A-100000>