From owner-freebsd-security  Sun Feb 25 20:57:25 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id UAA20922
          for security-outgoing; Sun, 25 Feb 1996 20:57:25 -0800 (PST)
Received: from comtch.iea.com (comtch.iea.com [198.17.249.2])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id UAA20917
          for <freebsd-security@freebsd.org>; Sun, 25 Feb 1996 20:57:24 -0800 (PST)
Received: by comtch.iea.com (8.6.10/SMI-4.1)
	id EAA07774; Mon, 26 Feb 1996 04:56:59 GMT
Message-Id: <199602260456.EAA07774@comtch.iea.com>
Subject: Re: Suspicious symlinks in /tmp
To: coredump@nervosa.com (invalid opcode)
Date: Sun, 25 Feb 1996 20:56:58 -0800 (PST)
From: "Mark Smith" <msmith@comtch.iea.com>
Cc: taob@io.org, freebsd-security@freebsd.org
In-Reply-To: <Pine.BSF.3.91.960225131851.8196F-100000@nervosa.com> from "invalid opcode" at Feb 25, 96 01:19:18 pm
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
Precedence: bulk

> 
> Looks like someone is trying to exploit a race condition in order to grab 
> the password file.
> 

Will this attack work under FreeBSD 2.1R ?


Mark