From owner-freebsd-security Thu Mar 16 4:37: 4 2000 Delivered-To: freebsd-security@freebsd.org Received: from vinyl.sentex.ca (vinyl.sentex.ca [209.112.4.14]) by hub.freebsd.org (Postfix) with ESMTP id 4BF9C37C0FF for ; Thu, 16 Mar 2000 04:37:00 -0800 (PST) (envelope-from mike@sentex.net) Received: from granite.sentex.net (granite-atm.sentex.ca [209.112.4.1]) by vinyl.sentex.ca (8.9.3/8.9.3) with ESMTP id HAA71092; Thu, 16 Mar 2000 07:36:54 -0500 (EST) (envelope-from mike@sentex.net) Received: from chimp (ospf-mdt.sentex.net [205.211.164.81]) by granite.sentex.net (8.8.8/8.6.9) with ESMTP id HAA09497; Thu, 16 Mar 2000 07:36:48 -0500 (EST) Message-Id: <4.2.2.20000316072948.03762588@mail.sentex.net> X-Sender: mdtancsa@mail.sentex.net X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Thu, 16 Mar 2000 07:36:15 -0500 To: Mike Nowlin From: Mike Tancsa Subject: Re: gated 3.5.11 Cc: freebsd-security@FreeBSD.ORG In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 03:20 AM 3/16/2000 -0500, Mike Nowlin wrote: >There was a message ~Dec 1 about a wheel-exploitable bug in gdc... Seems >to me that the only risk is for people that get wheel group access (or Have a search through the archives of this list and bugtraq. If I recall correctly there were a couple of holes. ospf_mon was problematic as well gdc. I not certain, but if you chmod 700 /usr/local/bin/ospf_monitor and chmod 700 /usr/local/bin/gdc you should be OK. But search through the archives for the original postings to be certain. ---Mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message