From owner-freebsd-security Tue Oct 1 15:55:57 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id PAA06397 for security-outgoing; Tue, 1 Oct 1996 15:55:57 -0700 (PDT)
Received: from dhp.com (dhp.com [199.245.105.1]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id PAA06391 for ; Tue, 1 Oct 1996 15:55:53 -0700 (PDT)
Received: from localhost (jaeger@localhost) by dhp.com (8.7.6/8.6.12) with SMTP id SAA32124; Tue, 1 Oct 1996 18:55:28 -0400
Date: Tue, 1 Oct 1996 18:55:28 -0400 (EDT)
From: jaeger
To: Bill Fenner
cc: freebsd-security@freebsd.org
Subject: Re: setuid programs in freebsd
In-Reply-To: <96Oct1.110511pdt.177476@crevenia.parc.xerox.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Tue, 1 Oct 1996, Bill Fenner wrote:

> Marc,
>
> There are certain programs that have been modified to do the minimum
> required tasks before releasing their setuid-ness, e.g. ping and traceroute
> basically do
>
> main()
> {
> 	s = socket();
> 	setuid(getuid());
>
> I've been meaning to do the same to mrinfo & mtrace for quite a long time.
> Perhaps these could be specially labelled in your document?

I believe Theo De Raadt committed those changes to OpenBSD a month or two ago.
Has the FreeBSD core been getting notices on security holes still?

> Bill
>

j.
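
The pattern discussed in this thread (open the raw socket while still privileged, then give up set-uid before doing anything else) is sketched below as an added example; it is not code from the original messages or from ping/traceroute. The function names `drop_privileges` and `open_raw_socket_then_drop` are hypothetical, and the example assumes a setuid-root binary, where `setuid()` resets the real, effective and saved uid together.

```c
/* Added example: acquire the privileged resource, then drop set-uid for good. */
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up set-uid/set-gid privilege; 0 on success, -1 on failure. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* Group first: after the uid drop we may no longer be allowed to. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;              /* never ignore these return values */
    if (getuid() != ruid || geteuid() != ruid ||
        getgid() != rgid || getegid() != rgid)
        return -1;
    /* For a non-root invoker the drop must be irreversible. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Hypothetical helper: returns the raw socket fd, -1 if socket() failed
 * (errno preserved), or -2 if privileges could not be dropped. */
int open_raw_socket_then_drop(void)
{
    int s = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); /* needs privilege */
    int saved_errno = errno;

    if (drop_privileges() != 0) {
        if (s >= 0)
            close(s);
        return -2;
    }
    errno = saved_errno;
    return s;
}

int main(void)
{
    int s = open_raw_socket_then_drop();

    if (s == -2) { fputs("privilege drop failed, aborting\n", stderr); return 1; }
    if (s < 0) { perror("socket"); return 1; }
    printf("raw socket %d open, now running as uid %d\n", s, (int)getuid());
    close(s);   /* a real tool would parse arguments and send packets here */
    return 0;
}
```

Argument parsing and all packet handling belong after the call to `open_raw_socket_then_drop()`, so that a bug in that code runs with the invoking user's rights only.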