From owner-freebsd-security  Thu Feb 17  7:31:58 2000
Delivered-To: freebsd-security@freebsd.org
Received: from hydrant.intranova.net (hydrant.intranova.net [209.201.95.10])
	by hub.freebsd.org (Postfix) with SMTP id 8878737B77F
	for <freebsd-security@FreeBSD.ORG>; Thu, 17 Feb 2000 07:31:54 -0800 (PST)
	(envelope-from oogali@intranova.net)
Received: (qmail 91945 invoked from network); 17 Feb 2000 15:30:48 -0000
Received: from localhost (oogali@127.0.0.1)
  by hydrant.intranova.net with SMTP; 17 Feb 2000 15:30:48 -0000
Date: Thu, 17 Feb 2000 10:30:47 -0500 (EST)
From: Omachonu Ogali <oogali@intranova.net>
To: Dmitry Valdov <dv@dv.ru>
Cc: Warner Losh <imp@village.org>, Brett Glass <brett@lariat.org>,
	Bill Fumerola <billf@chc-chimes.com>, Kuzak <kuzak@kuzak.net>,
	freebsd-security@FreeBSD.ORG
Subject: Re: Doscmd 
In-Reply-To: <Pine.BSF.3.95q.1000216153916.5211J-100000@xkis.kis.ru>
Message-ID: <Pine.BSF.4.10.10002171030240.91789-100000@hydrant.intranova.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Well, If you're su'ing to get to use it, what's the purpose of the
exploit? Another nifty shell?

On Wed, 16 Feb 2000, Dmitry Valdov wrote:

> Hi!
> 
> Anyway, this should be fixed. Just because somebody might want to use it
> with sudo.
> 
> Dmitry.
> 
> On Wed, 16 Feb 2000, Warner Losh wrote:
> 
> > Date: Wed, 16 Feb 2000 02:24:39 -0700
> > From: Warner Losh <imp@village.org>
> > To: Brett Glass <brett@lariat.org>
> > Cc: Bill Fumerola <billf@chc-chimes.com>, Kuzak <kuzak@kuzak.net>,
> >     freebsd-security@FreeBSD.ORG
> > Subject: Re: Doscmd 
> > 
> > In message <4.2.2.20000215235704.043169d0@localhost> Brett Glass writes:
> > : If it relies on doscmd being suid, then it would fail. But
> > : I have wondered whether control of your descriptor tables would
> > : let you hack the system. What's in that machine language?
> > 
> > Doesn't matter.  In order to use doscmd, one must be root anyway.  It
> > is useless for normal users iirc (the last dos program I needed to run 
> > has been exized from my machine, so I can't test it right now).
> > 
> > Warner
> > 
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> > 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 

-- 
+-------------------------------------------------------------------------+
| Omachonu Ogali                                     oogali@intranova.net |
| Intranova Networking Group                 http://tribune.intranova.net |
| PGP Key ID:                                                  0xBFE60839 |
| PGP Fingerprint:       C8 51 14 FD 2A 87 53 D1  E3 AA 12 12 01 93 BD 34 |
+-------------------------------------------------------------------------+



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message