Date: Thu, 2 Nov 2000 09:21:24 -0500 From: Chris Faulhaber <jedgar@fxp.org> To: James Wyatt <jwyatt@rwsystems.net> Cc: Chris Faulhaber <jedgar@fxp.org>, Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, freebsd-security@freebsd.org Subject: Re: vulnerability in mail.local (fwd) Message-ID: <20001102092124.A57009@peitho.fxp.org> In-Reply-To: <Pine.BSF.4.10.10011020816090.867-100000@bsdie.rwsystems.net>; from jwyatt@rwsystems.net on Thu, Nov 02, 2000 at 08:16:33AM -0600 References: <20001102085907.C5928@peitho.fxp.org> <Pine.BSF.4.10.10011020816090.867-100000@bsdie.rwsystems.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Nov 02, 2000 at 08:16:33AM -0600, James Wyatt wrote: > On Thu, 2 Nov 2000, Chris Faulhaber wrote: > > On Thu, Nov 02, 2000 at 05:41:49AM -0800, Cy Schubert - ITSD Open Systems Group wrote: > > > Looks like we could be vulnerable too. > > mail.local(8) is not longer suid by default. > > As of when? > According to: http://www.freebsd.org/cgi/cvsweb.cgi/src/libexec/mail.local/Makefile Revision 1.10.2.4 ... Thu Oct 19 21:15:55 2000 UTC (13 days, 17 hours ago) by gshapiro MFC: mail.local(8) is no longer installed as a set-user-id binary. Revision 1.13 ... Tue Oct 10 18:12:30 2000 UTC (3 weeks, 1 day ago) by gshapiro mail.local(8) is no longer installed as a set-user-id binary. -- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001102092124.A57009>