Date: Wed, 4 Oct 2000 17:37:36 +0700 (NSS)
From: Max Khon
To: Dima Dorfman
Cc: "Andrey V. Sokolov", Kris Kennaway, Alfred Perlstein, Mike Silbersack, security@FreeBSD.org
Subject: Re: BSD chpass (fwd)
In-Reply-To: <20001004102239.780551F0D@static.unixfreak.org>

hi, there!

On Wed, 4 Oct 2000, Dima Dorfman wrote:

> > Do not forget! chpass, chfn, chsh, ypchpass, ypchfn, ypchsh are hard
> > links! This exploit will work with any command from this set, if
> > little modification of exploit's code is done.
>
> And since they're hard links, when you [un]set the modes for one, the
> others get it too. In other words, unless you go out of your way to
> keep chfn/chsh/etc. setuid to root, chmod 555 `which chpass` is
> sufficient.

btw here is another post to bugtraq (from our security officer)

--- cut here ---
From imp@VILLAGE.ORG Wed Oct 4 17:35:53 2000
Date: Tue, 3 Oct 2000 23:17:48 -0600
From: Warner Losh
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Re: BSD chpass

In message <20001004024548.A516@dissension.net> caddis writes:
: { "FreeBSD 4.0-RELEASE ", 167, 0x805023c, 0xbfbffc68, bsd_shellcode },

Just FYI, 4.1-RELEASE and newer aren't vulnerable. This problem was
fixed by us in our sweep of the tree in search of the format bugs that
came to light in late June.

Warner Losh
FreeBSD Security Officer
--- cut here ---

/fjoe
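The point made in the thread, that the mode belongs to the inode and so one chmod covers every hard-linked name, can be checked with the following added example (not part of the original messages). It works in a constructed temporary sandbox with placeholder files; the function names `links_of`, `setuid_count` and `make_sandbox` are hypothetical, and the extra `chfn.copy` file stands in for a name that was deliberately kept as a separate setuid copy.

```shell
#!/bin/sh
# Added example: verify that removing setuid from one hard link removes it
# from all of them, and that a separate copy is NOT covered.
# All paths are constructed inside a temporary sandbox.

# Print every name under DIR that shares FILE's inode (its hard links).
links_of() {
    file=$1; dir=$2
    inum=$(ls -di "$file" | awk '{print $1}')
    find "$dir" -xdev -type f -inum "$inum" | sort
}

# Count names under DIR that still carry the setuid bit.
setuid_count() {
    find "$1" -xdev -type f -perm -4000 | wc -l | tr -d ' '
}

# Build the sandbox: one placeholder file, five hard links to it,
# plus one independent copy, all marked setuid (owner is the current user).
make_sandbox() {
    sb=$(mktemp -d) || return 1
    printf 'placeholder\n' > "$sb/chpass"
    for n in chfn chsh ypchpass ypchfn ypchsh; do
        ln "$sb/chpass" "$sb/$n"
    done
    cp "$sb/chpass" "$sb/chfn.copy"      # separate inode, not a hard link
    chmod 4555 "$sb/chpass" "$sb/chfn.copy"
    printf '%s\n' "$sb"
}

# Walk through the check and print what remains setuid afterwards.
demo() {
    sb=$(make_sandbox) || return 1
    echo "names sharing chpass's inode:"; links_of "$sb/chpass" "$sb"
    echo "setuid names before: $(setuid_count "$sb")"
    chmod 555 "$sb/chpass"               # the mitigation from the thread
    echo "setuid names after:  $(setuid_count "$sb")"
    find "$sb" -xdev -type f -perm -4000 # anything listed here was missed
    rm -rf "$sb"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run with the argument `demo` to see the counts; on a real system the same `find ... -perm -4000` check over the directory holding the binaries confirms no setuid name was left behind.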