Date: Fri, 12 Apr 2002 23:32:36 -0700
From: "Crist J. Clark" <cjc@FreeBSD.org>
To: Nicolas Rachinsky <list@rachinsky.de>
Cc: security@FreeBSD.org, brett@lariat.org
Subject: Re: [Corrected message] This OpenBSD local root hole may affect some FreeBSD systems
Message-ID: <20020412233236.A43915@blossom.cjclark.org>
In-Reply-To: <20020411204516.GA51239@pc5.abc>; from list@rachinsky.de on Thu, Apr 11, 2002 at 10:45:17PM +0200
References: <4.3.2.7.2.20020411141011.030a0b80@nospam.lariat.org> <20020411204516.GA51239@pc5.abc>

On Thu, Apr 11, 2002 at 10:45:17PM +0200, Nicolas Rachinsky wrote:
> * Brett Glass <brett@lariat.org> [2002-04-11 14:12:01 -0600]:
> > [This is a corrected version of the previous message, which omitted
> > the word "isn't" near the beginning of the second paragraph.]
> >
> > The vulnerability described in the message below is a classic
> > "in-band signalling" problem that may give an unauthorized user
> > the ability to run an arbitrary command as root.
> >
> > Fortunately, the vulnerability isn't present in FreeBSD's daily, weekly,
> > and monthly maintenance scripts, because they use sendmail rather
> > than /bin/mail.

No, they use mail(1),

  $ more /usr/bin/periodic
  .
  .
  .
      *) pipe="mail -s '$host ${arg##*/} run output' $output";;

-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message