From owner-freebsd-security Sat Dec 2 20:48:55 2000 Delivered-To: freebsd-security@freebsd.org Received: from giganda.komkon.org (giganda.komkon.org [209.125.17.66]) by hub.freebsd.org (Postfix) with ESMTP id 663DD37B400 for ; Sat, 2 Dec 2000 20:48:53 -0800 (PST) Received: (from root@localhost) by giganda.komkon.org (8.9.3/8.9.3) id XAA17920 for security@freebsd.org; Sat, 2 Dec 2000 23:48:47 -0500 (EST) (envelope-from str) Date: Sat, 2 Dec 2000 23:48:47 -0500 (EST) From: Igor Roshchin Message-Id: <200012030448.XAA17920@giganda.komkon.org> To: security@freebsd.org Subject: tcsh-6.09.03_1 package Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello! This question might be better suited to -ports, but this package was recently discussed here, due to its vulnerability. On Nov. 30, I downloaded tcsh-6.09.03_1 package from ftp.freebsd.org, (for 3-STABLE), and installed it on a 3.5.1-RELEASE box using pkg_add. I've noticed one strange oddity: pkg_add replaced /usr/local/bin/tcsh in /etc/shells with a strings "bin/tcsh" (see the Packing list below). Why is it so ? Thanks, Igor The relevant part of the Packing list (output of pkg_info): Packing list: Package name: tcsh-6.09.03_1 CWD to /usr/local File: man/man1/tcsh.1.gz Comment: MD5:6e58573bc5a047867b5af95b030e1756 File: bin/tcsh Comment: MD5:58859c01f8d28d2d02025b00aeba7a9b EXEC 'echo "updating /etc/shells"; cp /etc/shells /etc/shells.bak; (grep -v %D/bin/tcsh /etc/shells.bak; echo bin/tcsh) >/etc/shells' UNEXEC 'echo "updating /etc/shells"; cp /etc/shells /etc/shells.bak; (gr ep -v %D/bin/tcsh /etc/shells.bak) >/etc/shells' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message