From owner-freebsd-security  Fri May 17 17:36:09 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id RAA05147
          for security-outgoing; Fri, 17 May 1996 17:36:09 -0700 (PDT)
Received: from nervosa.com (root@nervosa.com [192.187.228.86])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id RAA05098;
          Fri, 17 May 1996 17:36:00 -0700 (PDT)
Received: from onyx.nervosa.com (coredump@onyx.nervosa.com [10.0.0.1]) by nervosa.com (8.7.5/8.7.3) with SMTP id RAA26309; Fri, 17 May 1996 17:35:31 -0700 (PDT)
Date: Fri, 17 May 1996 17:35:30 -0700 (PDT)
From: invalid opcode <coredump@nervosa.com>
To: Garrett Wollman <wollman@lcs.mit.edu>
cc: Paul Traina <pst@Shockwave.COM>, "Jordan K. Hubbard" <jkh@time.cdrom.com>,
        davidg@Root.COM, "Jordan K. Hubbard" <jkh@freefall.freebsd.org>,
        committers@freefall.freebsd.org, security@freebsd.org
Subject: Re: cvs commit: src/sbin Makefile 
In-Reply-To: <9605171821.AA05895@halloran-eldar.lcs.mit.edu>
Message-ID: <Pine.BSF.3.91.960517173455.25965E-100000@onyx.nervosa.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Fri, 17 May 1996, Garrett Wollman wrote:
> mount_msdos is also affected.  All of the mount_* programs can be
> affected if `root' has an insecure path and attempts to mount a
> filesystem type not already in the kernel.
> -GAWollman

mount_msdos always returned an EPERM, so I assume it may be vulnerable 
but not possible to exploit?

== Chris Layne ======================================== Nervosa Computing ==
== coredump@nervosa.com ================ http://www.nervosa.com/~coredump ==