Subject: Re: [secure@FREEBSD.LUBLIN.PL: FreeBSD (and other BSDs?) local root explot]
To: Charles M. Hannum <root@ihack.net>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: tech-security
Date: 08/29/1999 16:25:29
Date: Sun, 29 Aug 1999 16:25:29 +0200
Cc: tech-security@netbsd.org
Message-ID: <19990829162529.A5206@antioche.lip6.fr>
References: <199908271843.OAA02503@bikini.ihack.net>
In-Reply-To: <199908271843.OAA02503@bikini.ihack.net>; from Charles M. Hannum on Fri, Aug 27, 1999 at 02:43:40PM -0400

On Fri, Aug 27, 1999 at 02:43:40PM -0400, Charles M. Hannum wrote:
> 
> I already fixed our fts(3) -- including several problems that still
> exist in the OpenBSD implementation.
> 
> Someone needs to write up an advisory.

I can do it if not already done. I'm not sure yet if I need to write one
for the 'override files through core dumps' problem, but I myself consider this
to be a bug.

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--