From owner-freebsd-security Fri Jul 13 6:43:31 2001 Delivered-To: freebsd-security@freebsd.org Received: from federation.addy.com (federation.addy.com [208.11.142.20]) by hub.freebsd.org (Postfix) with ESMTP id 4A6A437B403 for ; Fri, 13 Jul 2001 06:43:29 -0700 (PDT) (envelope-from jim@federation.addy.com) Received: from localhost (jim@localhost) by federation.addy.com (8.9.3/8.9.3) with ESMTP id JAA70645 for ; Fri, 13 Jul 2001 09:41:09 -0400 (EDT) (envelope-from jim@federation.addy.com) Date: Fri, 13 Jul 2001 09:41:09 -0400 (EDT) From: Jim Sander Cc: security@FreeBSD.ORG Subject: Re: FreeBSD 4.3 local root In-Reply-To: <20010712152545.B20322@xor.obsecurity.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Since the release of this advisory I've been doing nightly cvsups (using stable-supfile) and a daily 'make world' and remade/installed the (mildly) customized kernel I use. *** The exploit still works. *** Can anyone verify this has really been applied, and that it fixed the problem, or steer me in the direction of how to tell what I'm doing wrong? By the way, I applied the patches manually to several 3.x systems and everything works as expected: no root sh, and nothing else seems to break. Couldn't possibly have been much easier, barring a server-monkey to do the actual typing for me. -=Jim=- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message