From owner-freebsd-ports Thu Mar 30 16:50: 6 2000 Delivered-To: freebsd-ports@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 460B337B773 for ; Thu, 30 Mar 2000 16:50:03 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id QAA75847; Thu, 30 Mar 2000 16:50:03 -0800 (PST) (envelope-from gnats@FreeBSD.org) Date: Thu, 30 Mar 2000 16:50:03 -0800 (PST) Message-Id: <200003310050.QAA75847@freefall.freebsd.org> To: freebsd-ports@FreeBSD.org Cc: From: Kris Kennaway Subject: Re: ports/17692: Unaudited SUID root on x11/kdebase11 .kss files, sec hazard? Reply-To: Kris Kennaway Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The following reply was made to PR ports/17692; it has been noted by GNATS. From: Kris Kennaway To: lioux@uol.com.br Cc: FreeBSD-gnats-submit@freebsd.org Subject: Re: ports/17692: Unaudited SUID root on x11/kdebase11 .kss files, sec hazard? Date: Thu, 30 Mar 2000 16:46:57 -0800 (PST) On 30 Mar 2000 lioux@uol.com.br wrote: > Then, it was "fixed" with a suid bit root on all .kss (screensaver) > files. There is reason I think this PR should be opened: > are we sure that suiding all those programs is really both > necessary and safe? I'll take another look at it - I had noticed it myself, but ISTR having checked it and been convinced it was okay. I didn't realise it was something FreeBSD had decided to do on its own, though (i.e. the change didnt come from KDE). > To quote Mr. Ade Lovett, "which should get the attention of both Will > and Kris :)" :-) Kris ---- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message