Subject: Re: [secure@FREEBSD.LUBLIN.PL: FreeBSD (and other BSDs?) local root explot]
To: Todd C. Miller <Todd.Miller@courtesan.com>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: tech-security
Date: 08/27/1999 17:51:17
Date: Fri, 27 Aug 1999 17:51:17 +0200
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
To: "Todd C. Miller" <Todd.Miller@courtesan.com>
Cc: tech-security@netbsd.org
Subject: Re: [secure@FREEBSD.LUBLIN.PL: FreeBSD (and other BSDs?) local root explot]
Message-ID: <19990827175117.A6650@antioche.lip6.fr>
References: <19990827115805.A4542@antioche.lip6.fr> <19990827123116.A345@antioche.lip6.fr> <199908271422.IAA05497@xerxes.cs.colorado.edu> <19990827163803.A483@antioche.lip6.fr> <199908271446.IAA10338@xerxes.cs.colorado.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <199908271446.IAA10338@xerxes.cs.colorado.edu>; from Todd C. Miller on Fri, Aug 27, 1999 at 08:46:37AM -0600

On Fri, Aug 27, 1999 at 08:46:37AM -0600, Todd C. Miller wrote:
> I can't decide whether or not the owner check is useful or not.
> I keep waffling back and forth :-)

I'm also going to propose the OpenBSD fix. Users will choose :)

> 
> I know the FreeBSD guys have been merging the changes I've made to the
> OpenBSD fts.c.  It would be great if all of *BSD had basically the
> same fts.c

I've merged your patch in NetBSD, and unfortunately it doesn't fix the core
dump. But yes, it core dumps in fts_read(). I may have messed up something
(the patch didn't apply cleanly) but I didn't find what. I won't play more with
this today, someone else should try to have a look at this.

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--