Date: Fri, 17 May 1996 01:26:43 -0700 (PDT) From: invalid opcode <coredump@nervosa.com> To: "Jordan K. Hubbard" <jkh@time.cdrom.com> Cc: freebsd-security@freebsd.org, security-officer@freebsd.org Subject: Re: very bad Message-ID: <Pine.BSF.3.91.960517012516.20464H-100000@onyx.nervosa.com> In-Reply-To: <13470.832320504@time.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 17 May 1996, Jordan K. Hubbard wrote: > Ow! :-( > > Thanks for reporting this! > > You know though, for ones this bad I'd really rather you sent the > message to security-officer@freebsd.org rather than freebsd-security > in the future. There are easily over 1000 people on this list and you > just announced a cookbook method for any shell account user to go root > on a FreeBSD based ISP box; hardly the kind of information one would > want to see widely circulated without a prepared fix, at the > least. :-( > Jordan Too bad it's already on BUGTRAQ and BoS which is way more than 1000 :-( And I would have sent it to security-officer@freebsd.org had I even known of such an address. The prepared fix is chmod u-s /sbin/mount_union. == Chris Layne ======================================== Nervosa Computing == == coredump@nervosa.com ================ http://www.nervosa.com/~coredump ==
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.960517012516.20464H-100000>