From owner-freebsd-current  Thu Oct 31 21:52:58 1996
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id VAA20532
          for current-outgoing; Thu, 31 Oct 1996 21:52:58 -0800 (PST)
Received: from rover.village.org (rover.village.org [204.144.255.49])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id VAA20527
          for <current@freebsd.org>; Thu, 31 Oct 1996 21:52:56 -0800 (PST)
Received: from rover.village.org [127.0.0.1] 
	by rover.village.org with esmtp (Exim 0.56 #1)
	id E0vJCX0-0002gM-00; Thu, 31 Oct 1996 22:52:38 -0700
To: Michael Hancock <michaelh@cet.co.jp>
Subject: Re: /var/mail (was: re: Help, permission problems...) 
Cc: current@freebsd.org
In-reply-to: Your message of "Fri, 01 Nov 1996 13:54:32 +0900."
		<Pine.SV4.3.95.961101134942.4374D-100000@parkplace.cet.co.jp> 
References: <Pine.SV4.3.95.961101134942.4374D-100000@parkplace.cet.co.jp>  
Date: Thu, 31 Oct 1996 22:52:38 -0700
From: Warner Losh <imp@village.org>
Message-Id: <E0vJCX0-0002gM-00@rover.village.org>
Sender: owner-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In message
<Pine.SV4.3.95.961101134942.4374D-100000@parkplace.cet.co.jp> Michael
Hancock writes: 
: I would also advocate getting c2 to promote a "Hack FreeBSD" contest to
: see how many security holes people can find. 

Just chmod s-o lpr/lpd before starting, OK?  I've fixed a bunch, but
there are more lurking.

I'd also be leery of yelling too loudly about this.  OpenBSD has a
bunch of buffer overflows in setuid code that isn't lpr/lpd that has
yet to be integrated into FreeBSD.  I'm working on a list now, but I
don't have anything concrete to share at the moment.

Warner