From owner-freebsd-security Thu Dec 2 9: 8: 1 1999 Delivered-To: freebsd-security@freebsd.org Received: from wopr.caltech.edu (wopr.caltech.edu [131.215.240.222]) by hub.freebsd.org (Postfix) with ESMTP id 6DA1A14CA6 for ; Thu, 2 Dec 1999 09:07:59 -0800 (PST) (envelope-from mph@wopr.caltech.edu) Received: (from mph@localhost) by wopr.caltech.edu (8.9.3/8.9.1) id JAA22055; Thu, 2 Dec 1999 09:07:05 -0800 (PST) (envelope-from mph) Date: Thu, 2 Dec 1999 09:07:05 -0800 From: Matthew Hunt To: Matt Behrens Cc: security@FreeBSD.ORG Subject: Re: [Re: [btellier@USA.NET: Several FreeBSD-3.3 vulnerabilities] ] Message-ID: <19991202090705.A21828@wopr.caltech.edu> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from matt@zigg.com on Thu, Dec 02, 1999 at 07:04:40AM -0500 Approved: graham.spanier Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Dec 02, 1999 at 07:04:40AM -0500, Matt Behrens wrote: > Isn't that what happened? Didn't Mr. Tellier say that the security > officer had ``contacted the maintainers''? I wasn't going to bother bringing this up in public, but I am one of the affected maintainers, and I never heard anything about it until Kris marked games/angband BROKEN. I'm not placing blame and I haven't investigated the issue closely, I'm just saying I never got an email in my inbox about it. I'm currently investigating the ramifications of installing angband non-sgid. I think this requires one or more mode 1777 directories. Do we have any policies against ports creating such directories? Should the user be warned in some way? Matt -- Matthew Hunt * Stay close to the Vorlon. http://www.pobox.com/~mph/ * To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message