Date: Wed, 04 Oct 2000 11:49:47 -0600 From: Warner Losh <imp@village.org> To: K2 <ktwo@KTWO.CA> Cc: security@freebsd.org Subject: Re: OpenBSD Security Advisory Message-ID: <200010041749.LAA38070@harmony.village.org> In-Reply-To: Your message of "Wed, 04 Oct 2000 00:31:03 PDT." <39DADCB7.4E416D8B@ktwo.ca> References: <39DADCB7.4E416D8B@ktwo.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
I've had two requests from users to go through this and report on FreeBSD's status. I answered the fstat's portion in earlier mail, so I'll just say we aren't vulnerable and haven't been for a long long time. Since we're not vulnerable to any of these, I have a problem posting that to bugtraq as those sorts of messages tend to create a lot of clutter and ill will. In message <39DADCB7.4E416D8B@ktwo.ca> K2 writes: : There is also su, although it is only exploitable by the : usershell=format string, there is a possibility that somebody have a : third party application set the user shell to something that may be : malicious. Why no even passing mention in their "Daily Changelog" or : their security pages? : : ---- SNIP -- SNIP ---- : rain:/usr/src/libexec/talkd# su - ktwo : su: /usr/local/bin/bash0x00x1b150xdfbfdc8c0xdfbfdc280xdfbfdc2c: No such : file or directory : rain:/usr/src/libexec/talkd# cat /etc/passwd|grep ktwo : ktwo:*:100:100:what's your : style,,,:/home/ktwo:/usr/local/bin/bash%p%p%p%p%p FreeBSD has been immmune to this attack for a long time (since at least 1994, maybe earlier): 1.1 (rgrimes 27-May-94): err(1, "%s", shell); : talkd, A DEFAULT service. FreeBSD has never had this hole, as far as I can tell. We don't use fprintf here, but instead we build an iovect list up. : WOW what about photurisd? We don't have photurisd. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200010041749.LAA38070>