From owner-freebsd-security Tue Oct 1 21:52:56 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id VAA02330 for security-outgoing; Tue, 1 Oct 1996 21:52:56 -0700 (PDT) Received: from dhp.com (dhp.com [199.245.105.1]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id VAA02309 for ; Tue, 1 Oct 1996 21:52:49 -0700 (PDT) Received: from localhost (jaeger@localhost) by dhp.com (8.7.6/8.6.12) with SMTP id AAA05981; Wed, 2 Oct 1996 00:52:45 -0400 Date: Wed, 2 Oct 1996 00:52:45 -0400 (EDT) From: jaeger To: Bill Fenner cc: freebsd-security@freebsd.org Subject: Re: setuid programs in freebsd In-Reply-To: <96Oct1.160922pdt.177476@crevenia.parc.xerox.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Tue, 1 Oct 1996, Bill Fenner wrote: > > I believe Theo De Raadt commited those changes to OpenBSD a month or > >two ago. > > Presumably you're talking about the patches to map-mbone, mrinfo, mtrace > and mrouted that I reviewed for him? I sent them to him on September 11th > and just keep forgetting to apply them to the FreeBSD tree. > > Bill > Actually he and I and some other people were poking around the suids informally, and looked at mrinfo and mtrace I believe. I thought I saw some problems, he wasn't sure and just decided to drop privs right away. This was sometime in early August I recall. I'm not sure where all he applied fixes, I haven't looked at the CVS logs for the changes or the dates. j.