Subject: Re: P_SUGID flag forgotten at fork() time
To: Luke Mewburn <>
From: David Holland <>
List: tech-security
Date: 03/23/1997 13:14:45
 > It appears from source examination that P_SUGID is forgotten at fork()
 > time. 

When FreeBSD discovered this about a month ago and it appeared on
bugtraq(*), I forwarded the info to security-officer, and received
word back it had been fixed. I can't find the actual message,
unfortunately, but I found another message referring to it.

If the fix didn't in fact make it in that time (would have been
Feb. 17th or 18th, I believe)... well, that's kinda bad. :(

(*) Nobody on bugtraq mentioned any of the interesting possibilities
besides being able to get rlogin cores and thus maybe shadow
passwords. I've been waiting for AUSCERT so I haven't posted it

   - David A. Holland             |    VINO project home page:    |