Date: Tue, 25 Jan 2005 07:57:34 -0600 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: ports/chinese/zhcon Makefile ports/chinese/zhcon/files patch-src::configfile.cpp Message-ID: <20050125135734.GA5662@lum.celabo.org> In-Reply-To: <200501251355.j0PDt7gB049014@repoman.freebsd.org> References: <200501251355.j0PDt7gB049014@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jan 25, 2005 at 01:55:06PM +0000, Jacques A. Vidrine wrote: > nectar 2005-01-25 13:55:06 UTC > > FreeBSD ports repository > > Modified files: > chinese/zhcon Makefile > Added files: > chinese/zhcon/files patch-src::configfile.cpp > Log: > The set-user-ID binary zhcon normally reads it's user-specified > configuration file as root. Drop privileges before opening the file to > prevent a local user from reading arbitrary files. > > Reported by: Erik Sjölund > Obtained from: Debian I forgot to mention that this is http://vuxml.freebsd.org/d371b627-6ed5-11d9-bd18-000a95bc6fae.html . Cheers, -- Jacques A Vidrine / NTT/Verio nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050125135734.GA5662>