From owner-freebsd-hackers  Sat Aug  2 13:02:48 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id NAA10678
          for hackers-outgoing; Sat, 2 Aug 1997 13:02:48 -0700 (PDT)
Received: from rover.village.org (rover.village.org [204.144.255.49])
          by hub.freebsd.org (8.8.5/8.8.5) with SMTP id NAA10664
          for <hackers@freebsd.org>; Sat, 2 Aug 1997 13:02:39 -0700 (PDT)
Received: from rover.village.org [127.0.0.1] 
	by rover.village.org with esmtp (Exim 1.60 #1)
	id 0wukNf-0005oI-00; Sat, 2 Aug 1997 14:02:27 -0600
To: Ben Black <black@zen.cypher.net>
Subject: Re: security hole on FreeBSD 2.2.2 
Cc: Sergio Lenzi <lenzi@bsi.com.br>, hackers@freebsd.org
In-reply-to: Your message of "Fri, 01 Aug 1997 20:06:59 EDT."
		<Pine.LNX.3.91.970801200610.3568F-100000@zen.cypher.net> 
References: <Pine.LNX.3.91.970801200610.3568F-100000@zen.cypher.net>  
Date: Sat, 02 Aug 1997 14:02:26 -0600
From: Warner Losh <imp@village.org>
Message-Id: <E0wukNf-0005oI-00@rover.village.org>
Sender: owner-freebsd-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In message <Pine.LNX.3.91.970801200610.3568F-100000@zen.cypher.net> Ben Black writes:
: wow, with a problem report like that i'll be sure to get right on 
: removing superl.  how about a copy of the script or an explanaition of 
: the bug?

The problem was that you could pass a huge command line arg, overflow
a buffer in some cases, and get an egg to hatch a root shell...  Check
out the bugtraq archive for more details.

Warner