From owner-freebsd-security  Sat Dec  7 14:09:26 1996
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id OAA12414
          for security-outgoing; Sat, 7 Dec 1996 14:09:26 -0800 (PST)
Received: from w2xo.pgh.pa.us (w2xo.pgh.pa.us [206.210.70.5])
          by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id OAA12409
          for <freebsd-security@freebsd.org>; Sat, 7 Dec 1996 14:09:19 -0800 (PST)
Received: (from durham@localhost) by w2xo.pgh.pa.us (8.7.6/8.7.3) id RAA00378 for freebsd-security@freebsd.org; Sat, 7 Dec 1996 17:02:44 -0500 (EST)
Message-ID: <XFMail.961207170243.durham@w2xo.pgh.pa.us>
X-Mailer: XFMail 0.5-alpha [p0] on FreeBSD
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
Date: Sat, 07 Dec 1996 16:53:39 -0500 (EST)
From: Jim Durham <durham@w2xo.pgh.pa.us>
To: freebsd-security@freebsd.org
Subject: Strange behavior on 2.1.6
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I'm a newbie to this list. I seem to have found a problem in 2.1.6
that allows someone logged in as a user to su to root without
password or much effort. This may possibly be due to some configuration
stuff here, but I thought I would report it.

I assume I don't just give the details here? 

-Jim Durham