Date: Sat, 2 Aug 1997 13:17:58 +0930 (CST) From: Michael Smith <msmith@atrad.adelaide.edu.au> To: tom@sdf.com (Tom Samplonius) Cc: black@zen.cypher.net, lenzi@bsi.com.br, hackers@FreeBSD.ORG Subject: Re: security hole on FreeBSD 2.2.2 Message-ID: <199708020347.NAA08948@genesis.atrad.adelaide.edu.au> In-Reply-To: <Pine.BSF.3.95q.970801172516.8042C-100000@misery.sdf.com> from Tom Samplonius at "Aug 1, 97 05:26:23 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Tom Samplonius stands accused of saying: > > On Fri, 1 Aug 1997, Ben Black wrote: > > > exactly. i have no clue what this guy is talking about. > > Exactly. It looks like this guy installed some bogus software, probably > setuid to root, that has a gaping hole in it. The "bogus software" is Perl. "superl" should have been "sperl", and my last world build of -stable left me with : silver:~>ls -l /usr/bin/sperl* ---s--x--x 2 root bin 286720 Jun 7 18:35 /usr/bin/sperl4.036 Naturally, I don't leave it installed on public machines; setuid script interpreters are a Really Bad Idea. -- ]] Mike Smith, Software Engineer msmith@gsoft.com.au [[ ]] Genesis Software genesis@gsoft.com.au [[ ]] High-speed data acquisition and (GSM mobile) 0411-222-496 [[ ]] realtime instrument control. (ph) +61-8-8267-3493 [[ ]] Unix hardware collector. "Where are your PEZ?" The Tick [[
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199708020347.NAA08948>