Date: Fri, 17 May 1996 13:23:16 -0700 From: Paul Traina <pst@shockwave.com> To: Glen Foster <gfoster@gfoster.com> Cc: jkh@time.cdrom.com, davidg@Root.COM, jkh@freefall.freebsd.org, committers@freefall.freebsd.org, security@FreeBSD.org Subject: Re: cvs commit: src/sbin Makefile Message-ID: <199605172023.NAA01405@precipice.shockwave.com> In-Reply-To: Your message of "Fri, 17 May 1996 15:48:25 EDT." <199605171948.PAA00619@ptavv.nsta.org>
next in thread | previous in thread | raw e-mail | index | archive | help
There are two separate problems. One is the crash, which can only be solved via removing setuid (until we fix it), the other is the symlink attack, which has been fixed properly. Two separate security bulletins will be released shortly on this problem to freebsd-security-notifications@freebsd.org. From: Glen Foster <gfoster@gfoster.com> Subject: Re: cvs commit: src/sbin Makefile How about rather than changing the Makefile to not install suid, the full path of modload be referenced in the source. Preserves the suid functionality and defeats the symlink attack. --- Glen Foster <gfoster@gfoster.com>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199605172023.NAA01405>