Subject: 1997 procfs vulnerability is back for more
To: None <tech-security@netbsd.org>
From: Miles Nordin <carton@Ivy.NET>
List: tech-security
Date: 01/30/2000 20:32:55

Can anyone buy me a clue on this?

 http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-01-15&msg=20000121215448.975E322FD4@lists.securityfocus.com

Honestly, I don't understand what they're talking about.  fclose(stderr);
execl("setuid-binary",...); -- apparently, am I supposed to remember This
One? I don't.

The article rambles on as if we don't exist--which is odd, especially
these days. Anyway, (1) is this a problem for NetBSD, and (2) considering
we weren't mentioned on BugTRAQ, does it warrant an announcement from us
one way or the other?

(3) let me know in private email if there is someone I should blame for
this suspicious, bewildering, and communally destructive neglect of NetBSD
in a public security forum. :)  Perhaps there is a precedent operating in
security advisories that I don't understand yet.

thanks.

-- 
Miles Nordin / v:+1 720 841-8308 fax:+1 530 579-8680
555 Bryant Street PMB 182 / Palo Alto, CA 94301-1700 / US