From owner-cvs-all Wed Dec 1 11:30:51 1999 Delivered-To: cvs-all@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 000BD14BFE; Wed, 1 Dec 1999 11:30:49 -0800 (PST) (envelope-from kris@FreeBSD.org) Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id LAA92255; Wed, 1 Dec 1999 11:30:45 -0800 (PST) (envelope-from kris@FreeBSD.org) Message-Id: <199912011930.LAA92255@freefall.freebsd.org> From: Kris Kennaway Date: Wed, 1 Dec 1999 11:30:44 -0800 (PST) To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/net/gated Makefile Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk kris 1999/12/01 11:30:44 PST Modified files: net/gated Makefile Log: Mark BROKEN due to buffer overflow yielding root to members of wheel. There's also an overflow with ospf_monitor which may result in being able to corrupt routing traffic (which I've reported to the developers) According to the docs, gdc shouldn't be installed root:wheel and setuid, but put into its own gdmaint group. This still doesn't prevent people in that group from gaining root, though. Submitted by: Brock Tellier (gdc bug) Revision Changes Path 1.22 +3 -1 ports/net/gated/Makefile To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message