From owner-freebsd-security@freebsd.org Thu Jan 14 18:03:31 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 44F0AA839E4 for ; Thu, 14 Jan 2016 18:03:31 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1FCB115BB for ; Thu, 14 Jan 2016 18:03:30 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 4AF40221AC for ; Thu, 14 Jan 2016 13:03:18 -0500 (EST) Received: from web6 ([10.202.2.216]) by compute6.internal (MEProxy); Thu, 14 Jan 2016 13:03:18 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=Z6qo01Zm3N+Z0K4 TVUJ/RyRRExs=; b=pgtyqiOAfhS2bJJSxLbRwIh4fF1A7Vm3E79BoJz21evcj0u FfLpIuqVT9saWDLHR4VFxIpLxhzyMyX20rLoeW7YlCa+fSGZG+5bFs4Yqa4RDBba whxMcZuhV8Zp7L25cmHHXteyNFcIGZpxv0StBhZNM0vmuVejolVdupmWVq8M= Received: by web6.nyi.internal (Postfix, from userid 99) id 2787E4651A; Thu, 14 Jan 2016 13:03:18 -0500 (EST) Message-Id: <1452794598.3272417.492278658.0BA706B8@webmail.messagingengine.com> X-Sasl-Enc: IUE6LUP+FrGng7pV4f7gAAqH1Z2vU53h1hRUlRW8HTJI 1452794598 From: Mark Felder To: freebsd-security@freebsd.org, FreeBSD Security Advisories MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain X-Mailer: MessagingEngine.com Webmail Interface - ajax-6cda141f In-Reply-To: <20160114100455.52C3A1623@freefall.freebsd.org> References: <20160114100455.52C3A1623@freefall.freebsd.org> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:06.bsnmpd Date: Thu, 14 Jan 2016 12:03:18 -0600 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jan 2016 18:03:31 -0000 On Thu, Jan 14, 2016, at 04:04, FreeBSD Security Advisories wrote: > > V. Solution > > This vulnerability can be fixed by modifying the permission on > /etc/bsnmpd.conf to owner root:wheel and permission 0600. > > The patch is provided mainly for third party vendors who deploy FreeBSD > and provide a safe default. The patch itself DOES NOT fix the > permissions > for existing installations. > Are we paranoid of breaking someone's special snowflake install, or is freebsd-update unable to only do a permissions change? -- Mark Felder ports-secteam member feld@FreeBSD.org