Date: Tue, 3 Jun 1997 18:51:42 +0200 (MET DST) From: Matthias Buelow <token@wicx50.informatik.uni-wuerzburg.de> To: ghelmer@cs.iastate.edu (Guy Helmer) Cc: freebsd-security@FreeBSD.ORG Subject: Re: Security problem with FreeBSD 2.2.1 default installation Message-ID: <199706031651.SAA24768@wicx20.informatik.uni-wuerzburg.de> In-Reply-To: <Pine.HPP.3.96.970603103342.16150G-100000@sunfire.cs.iastate.edu> from "Guy Helmer" at Jun 3, 97 10:44:33 am
next in thread | previous in thread | raw e-mail | index | archive | help
> > I just checked the bugtraq archives and found an exploit for sperl4.036 > and sperl 5.00x on FreeBSD was posted April 21! > > I guess no one watches bugtraq?!? I was already wondering when I freshly installed 2.1.5 half a year ago that sperl 4.x was still setuid (I remember that Perl's unsafety was already known at least when I was still running 2.1.0 and I also remember some old CERT advisories mentioning freebsd ages ago). Since then it has become routine for me to chmod 0 sperl/setuidperl etc. and I'm really wondering how there could be people left who don't know of that ancient hole? I mean, even some of my clueless Linux friends know about the sperl vulnerability. ;)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199706031651.SAA24768>