From owner-cvs-ports  Wed Dec 11 00:57:58 1996
Return-Path: <owner-cvs-ports>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id AAA27439
          for cvs-ports-outgoing; Wed, 11 Dec 1996 00:57:58 -0800 (PST)
Received: from precipice.shockwave.com (ppp-206-170-5-220.rdcy01.pacbell.net [206.170.5.220])
          by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id AAA27434;
          Wed, 11 Dec 1996 00:57:46 -0800 (PST)
Received: from shockwave.com (localhost.shockwave.com [127.0.0.1]) by precipice.shockwave.com (8.8.4/8.7.3) with ESMTP id AAA23163; Wed, 11 Dec 1996 00:57:36 -0800 (PST)
Message-Id: <199612110857.AAA23163@precipice.shockwave.com>
To: "Andrey A. Chernov" <ache@freefall.freebsd.org>
cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org,
        cvs-ports@freefall.freebsd.org
Subject: Re: cvs commit: ports/comms/kermit/patches patch-ab 
In-reply-to: Your message of "Tue, 10 Dec 1996 12:32:20 PST."
             <199612102032.MAA27653@freefall.freebsd.org> 
Date: Wed, 11 Dec 1996 00:57:35 -0800
From: Paul Traina <pst@shockwave.com>
Sender: owner-cvs-ports@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

That's not a security hole.  If you don't like the behavior, just don't
setgid dialer the program.

Paul

  From: "Andrey A. Chernov" <ache@freefall.freebsd.org>
  Subject: cvs commit:  ports/comms/kermit/patches patch-ab
  ache        96/12/10 12:32:19
  
    Added:       comms/kermit/patches  patch-ab
    Log:
    Close small security hole introduced with last upgrade (one needed
    patch not applied):
    anyone (not dialer group members only) can do anything with serial devices