Date: Mon, 29 Jan 2001 22:29:03 -0800 From: Kris Kennaway <kris@obsecurity.org> To: "Brian F. Feldman" <green@FreeBSD.ORG> Cc: security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-01:11.inetd [REVISED] Message-ID: <20010129222903.A79869@xor.obsecurity.org> In-Reply-To: <200101300609.f0U69Cf70017@green.dyndns.org>; from green@FreeBSD.ORG on Tue, Jan 30, 2001 at 01:09:11AM -0500 References: <security-advisories@freebsd.org> <200101300609.f0U69Cf70017@green.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--NzB8fVQJ5HfG6fxh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jan 30, 2001 at 01:09:11AM -0500, Brian F. Feldman wrote: > Actually, there were two issues. One was that the permissions weren't=20 > dropped totally on the way to opening the .fakeid file, and the other was= =20 > that it was not read in a way that would be guaranteed not to block, so b= y=20 > creating a named pipe, the user could hang an inetd child. Is that really a security issue, though? Kris --NzB8fVQJ5HfG6fxh Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6dl8vWry0BWjoQKURAu8UAKDO1CwB7FLOqY+fQwcQArE33M4UzgCeJ6hA FNGsS/SECT82Mt1pWbuMyaU= =XvgO -----END PGP SIGNATURE----- --NzB8fVQJ5HfG6fxh-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010129222903.A79869>