From owner-freebsd-security  Thu Jul 12 13:52:48 2001
Delivered-To: freebsd-security@freebsd.org
Received: from awww.jeah.net (awww.jeah.net [216.111.239.130])
	by hub.freebsd.org (Postfix) with ESMTP id 8224337B407
	for <security@FreeBSD.ORG>; Thu, 12 Jul 2001 13:52:44 -0700 (PDT)
	(envelope-from chris@jeah.net)
Received: from localhost (chris@localhost)
	by awww.jeah.net (8.11.4/8.11.3) with ESMTP id f6CKqOT78154;
	Thu, 12 Jul 2001 15:52:24 -0500 (CDT)
	(envelope-from chris@jeah.net)
Date: Thu, 12 Jul 2001 15:52:24 -0500 (CDT)
From: Chris Byrnes <chris@jeah.net>
To: Mike Tancsa <mike@sentex.net>
Cc: jamie rishaw <jamie@playboy.com>, <security@FreeBSD.ORG>
Subject: Re: FreeBSD 4.3 local root
In-Reply-To: <5.1.0.14.0.20010712162317.0326d510@marble.sentex.ca>
Message-ID: <20010712155151.H77631-100000@awww.jeah.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, 12 Jul 2001, Mike Tancsa wrote:

> At 03:13 PM 7/12/01 -0500, jamie rishaw wrote:
> >Patch your systems.  Maintain security.
>
> I guess what some people want to do is to make sure the patch worked. i.e.
> test before and after.
>
> >Dont add untrusted users.
>
> Not always possible.... e.g. an ISP shell server.

Indeed.  I had a user today try and use the exploit.  Too bad for him that
we upgraded to the latest -stable last night.

It's an unfortunate world we live in.



Chris Byrnes, Managing Member
JEAH Communications, LLC


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message