Date: Tue, 03 Aug 1999 12:18:18 -0400 (EDT)
From: Seth
Subject: chflags() [heads up] (fwd)
To: security@freebsd.org

FYI... this hit bugtraq today.

SB

---------- Forwarded message ----------
Date: Sun, 01 Aug 1999 19:20:45 +0300
From: Adam Morrison
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: chflags() [heads up]

From the OpenBSD change logs:

RCS file: /cvs/src/sys/kern/vfs_syscalls.c,v
----------------------------
revision 1.59
date: 1999/07/30 18:27:47; author: deraadt; state: Exp; lines: +20 -1
do not permit regular users to chflags/fchflags on chr or blk devices --
even if they happen to own them at the moment.

NetBSD-current has this fixed as of the following revision of vfs_syscalls.c.

$NetBSD: vfs_syscalls.c,v 1.146 1999/07/31 03:18:43 christos

From quick inspection, FreeBSD appears to be vulnerable.
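An added audit example, not part of the messages above and not code from any of the projects they mention: it lists character and block device nodes that are not owned by uid 0, together with any file flags set on them, which is the combination the quoted change log is about. The names classify, audit and Finding, the /dev default and the treatment of uid 0 as the superuser are assumptions of this example.

```python
import os
import stat
import sys
from collections import namedtuple

Finding = namedtuple("Finding", "path kind uid flags")

# File-flag constants from Python's stat module (UF_* user, SF_* superuser).
FLAG_NAMES = ("UF_NODUMP", "UF_IMMUTABLE", "UF_APPEND", "UF_NOUNLINK",
              "SF_IMMUTABLE", "SF_APPEND", "SF_NOUNLINK")

def flag_names(flags):
    """Decode an st_flags bitmask into the names of the flags that are set."""
    return [n for n in FLAG_NAMES if flags & getattr(stat, n)]

def classify(path, st):
    """Return a Finding for a chr/blk device not owned by uid 0, else None."""
    if stat.S_ISCHR(st.st_mode):
        kind = "chr"
    elif stat.S_ISBLK(st.st_mode):
        kind = "blk"
    else:
        return None
    if st.st_uid == 0:
        return None
    # st_flags is only reported on BSD-derived systems; None means "unknown".
    raw = getattr(st, "st_flags", None)
    return Finding(path, kind, st.st_uid, None if raw is None else flag_names(raw))

def audit(root="/dev"):
    """Walk root without following symlinks and collect findings."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                finding = classify(path, os.lstat(path))
            except OSError:
                continue  # node vanished or is unreadable
            if finding:
                found.append(finding)
    return found

if __name__ == "__main__":
    for f in audit(sys.argv[1] if len(sys.argv) > 1 else "/dev"):
        flags = "n/a" if f.flags is None else (",".join(f.flags) or "none")
        print(f"{f.path}\t{f.kind}\tuid={f.uid}\tflags={flags}")
```

A device that shows a non-empty flag list while owned by a regular user is the case to review first.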