From owner-freebsd-security  Sun Aug  3 07:52:16 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id HAA27323
          for security-outgoing; Sun, 3 Aug 1997 07:52:16 -0700 (PDT)
Received: from firewall.ftf.dk (root@[129.142.64.2])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id HAA27318
          for <freebsd-security@freebsd.org>; Sun, 3 Aug 1997 07:52:12 -0700 (PDT)
Received: from mail.prosa.dk ([192.168.100.2]) by firewall.ftf.dk (8.7.6/8.7.3) with ESMTP id RAA12863; Sun, 3 Aug 1997 17:17:15 +0200
Received: from deepo.prosa.dk (deepo.prosa.dk [192.168.100.10])
	by mail.prosa.dk (8.8.5/8.8.5/prosa-1.1) with ESMTP id QAA08144;
	Sun, 3 Aug 1997 16:52:31 +0200 (CEST)
Received: (from regnauld@localhost)
	by deepo.prosa.dk (8.8.5/8.8.5/prosa-1.1) id QAA20437;
	Sun, 3 Aug 1997 16:51:16 +0200 (CEST)
Message-ID: <19970803165116.24551@deepo.prosa.dk>
Date: Sun, 3 Aug 1997 16:51:16 +0200
From: Philippe Regnauld <regnauld@deepo.prosa.dk>
To: "Jonathan A. Zdziarski" <jonz@netrail.net>
Cc: freebsd-security@freebsd.org
Subject: Re: setuid shutdown?
References: <Pine.BSF.3.95q.970803100305.4197B-100000@netrail.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Description: Main Body
X-Mailer: Mutt 0.69
In-Reply-To: <Pine.BSF.3.95q.970803100305.4197B-100000@netrail.net>; from Jonathan A. Zdziarski on Sun, Aug 03, 1997 at 10:05:45AM +0000
X-Operating-System: FreeBSD 2.2.1-RELEASE i386
Sender: owner-freebsd-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Jonathan A. Zdziarski writes:
> 
> Also: I noticed that 2.2.2 installs /usr/bin/perl (4) and a setuid root
> version of it as well (found this out when I noticed that adduser and
> rmuser are perl and not c).  If I'm not mistaken 4 has some major security
> problems with setuid perl, no?

	Fixed in FreeBSD 2.2.1, IIRC -- check the list archives.


-- 
															  -- Phil

-[ Philippe Regnauld   /   Systems Administrator   /    regnauld@prosa.dk ]-
-[ Location.: +55.4N +11.3E       PGP Key: finger regnauld@hotel.prosa.dk ]-