Message-Id: <199910270158.SAA08102@cwsys.cwsent.com>
From: Cy Schubert - ITSD Open Systems Group
To: cc@flanker.itl.net.ua
Cc: freebsd-security@FreeBSD.ORG, sziszi@petra.hos.u-szeged.hu
Subject: Re: HP automountd security bulletin (fwd)
In-reply-to: Your message of "Tue, 26 Oct 1999 17:49:26 +0200."
Date: Tue, 26 Oct 1999 18:58:03 -0700
X-OS: FreeBSD 3.3-RELEASE

In message , Adam Szilveszter writes:
> Hi!
>
> I am not an expert but I would like to ask if we are vulnerable to this
> amd problem I got news about the other day...

I would think that amd could be vulnerable because it supports program
filesystem (type:=program). This is not exactly the same as automountd's
executable maps, but I suspect it could be exploited in some way because
amd executes an external program to actually perform mounts/unmounts.

The following amd patch disables program maps.

--- src/usr.sbin/amd/include/config.h.orig Sun Aug 29 08:39:16 1999 +++ src/usr.sbin/amd/include/config.h Mon Oct 25 23:42:20 1999 @@ -35,7 +35,7 @@ #define HAVE_AM_FS_INHERIT 1 /* Define if have program filesystem */ -#define HAVE_AM_FS_PROGRAM 1 +/* #undef HAVE_AM_FS_PROGRAM */ /* Define if have symbolic-link filesystem */ #define HAVE_AM_FS_LINK 1

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Sun/DEC Team, UNIX Group    Internet:  Cy.Schubert@uumail.gov.bc.ca
ITSD                                   Cy.Schubert@gems8.gov.bc.ca
Province of BC
                      "e**(i*pi)+1=0"
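
Review bot: In the `@@ -35,7 +35,7 @@` hunk of config.h, the new line `/* #undef HAVE_AM_FS_PROGRAM */` has the same form a configure-generated header uses for a feature that was not detected, so nothing in the file records that program filesystem support was switched off deliberately. Suggest adding a one-line comment beside it giving the reason (program maps run an external command for mounts and unmounts), so that a later regeneration or merge of config.h does not quietly restore `#define HAVE_AM_FS_PROGRAM 1`. Since this is a compile-time switch, the patch description should also say that amd has to be rebuilt and that existing map entries using type:=program should be expected to stop working.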
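
Because the patch compiles the program filesystem out of amd, it helps to know beforehand which map entries depend on `type:=program` and which external commands they run. The following is an added example, not part of the original message or of amd: a Python scan of amd map text for program-type locations. The sample map, its keys and its paths are constructed, and the parser assumes only the common map syntax (backslash continuation, quoted values, a `/defaults` entry).

```python
import re

# Constructed sample amd map; keys, hosts and paths are made up for illustration.
SAMPLE_MAP = r'''
/defaults  type:=nfs;opts:=rw,nosuid
src        rhost:=fileserv;rfs:=/export/src
scratch    type:=program;fs:=/mnt/scratch;\
           mount:="/usr/local/sbin/mnt-scratch mnt-scratch ${fs}";\
           unmount:="/usr/local/sbin/umnt-scratch umnt-scratch ${fs}"
# old      type:=program;mount:="/bin/true true"
home       type:=link;fs:=/usr/home
'''

TOKEN = re.compile(r'(?:"[^"]*"|[^\s"])+')   # whitespace-separated, quoted runs kept whole
OPTION = re.compile(r'(?:"[^"]*"|[^;"])+')   # ';'-separated, quoted runs kept whole

def logical_lines(text):
    """Join backslash-continued lines; skip blank lines and '#' comments."""
    joined = re.sub(r"\\\n\s*", "", text)
    return [l.strip() for l in joined.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]

def parse_location(loc):
    """Turn 'a:=b;c:=d' into a dict; selectors such as 'host==x' are ignored."""
    opts = {}
    for part in OPTION.findall(loc.lstrip("-")):
        name, sep, value = part.partition(":=")
        if sep:
            opts[name.strip()] = value.strip().strip('"')
    return opts

def find_program_mounts(text):
    """Return (key, mount command, unmount command) for each program-type location."""
    hits, default_type = [], None
    for line in logical_lines(text):
        key, *locations = TOKEN.findall(line)
        for loc in locations:
            opts = parse_location(loc)
            if key == "/defaults":
                default_type = opts.get("type", default_type)
            elif opts.get("type", default_type) == "program":
                hits.append((key, opts.get("mount"), opts.get("unmount")))
    return hits

if __name__ == "__main__":
    for hit in find_program_mounts(SAMPLE_MAP):
        print(hit)
```

An entry that inherits `type:=program` from `/defaults` is reported with its own key; mount commands set only in `/defaults` are not copied into the result.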