From owner-freebsd-security  Mon Jul 15 01:31:41 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id BAA15446
          for security-outgoing; Mon, 15 Jul 1996 01:31:41 -0700 (PDT)
Received: from dhp.com (dhp.com [199.245.105.1])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id BAA15438;
          Mon, 15 Jul 1996 01:31:36 -0700 (PDT)
Received: (from jaeger@localhost) by dhp.com (8.7.5/8.6.12) id EAA07044; Mon, 15 Jul 1996 04:31:33 -0400
Date: Mon, 15 Jul 1996 04:31:31 -0400 (EDT)
From: jaeger <jaeger@dhp.com>
To: -Vince- <vince@mercury.gaianet.net>
cc: Poul-Henning Kamp <phk@freebsd.org>, jbhunt <jbhunt@mercury.gaianet.net>,
        freebsd-security@freebsd.org
Subject: Re: New EXPLOIT located! 
In-Reply-To: <Pine.BSF.3.91.960715004202.1637C-100000@mercury.gaianet.net>
Message-ID: <Pine.LNX.3.91.960715042633.5268A-100000@dhp.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


On Mon, 15 Jul 1996, -Vince- wrote:

> 
> 	While we're at the subject, is there a hole with mount_msdos also 
> because the guy had some text on mount_msdos but I deleted the 
> /sbin/mount_msdos and -current still installs with the setuid bit...
> 
> Vince
> 
	mount_msdos is subject to the same vfsload(3) problems as
mount_union.  The exploit is slightly different.  The FreeBSD advisory gave
details on how to disable the suid bit in -current makefiles.

-jaeger