Date: Fri, 17 May 1996 07:00:35 -0400 (EDT) From: Glen Foster <gfoster@gfoster.com> To: jkh@time.cdrom.com Cc: coredump@nervosa.com, freebsd-security@FreeBSD.ORG Subject: Re: very bad Message-ID: <199605171100.HAA00301@ptavv.nsta.org> In-Reply-To: <13642.832322039@time.cdrom.com> (jkh@time.cdrom.com)
next in thread | previous in thread | raw e-mail | index | archive | help
I, for one, am very happy that he announced it to the group rather than attempting STO. I was able fix the systems for which I have responsibility immediately. Thanks to Chris for getting the word out! It will be interesting to see an announcement coming from CERT two or three months from now about a "new" security bug. Now the big question, except for the obvious, why was mount_union suid in the first place? --- Glen Foster <gfoster@gfoster.com> > Date: Fri, 17 May 1996 01:33:59 -0700 > From: "Jordan K. Hubbard" <jkh@time.cdrom.com> > > > Too bad it's already on BUGTRAQ and BoS which is way more than 1000 :-( > > Ah well, what's done is done. > > > of such an address. The prepared fix is chmod u-s /sbin/mount_union. > > It should at least return EPERM! :-) > > Jordan > > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199605171100.HAA00301>