From owner-freebsd-security  Wed Sep 15  8:30: 0 1999
Delivered-To: freebsd-security@freebsd.org
Received: from proxy2.ba.best.com (proxy2.ba.best.com [206.184.139.14])
	by hub.freebsd.org (Postfix) with ESMTP id D79AE15328
	for <FreeBSD-security@freebsd.org>; Wed, 15 Sep 1999 08:29:11 -0700 (PDT)
	(envelope-from GregoryC@stcinc.com)
Received: from stcinc.com (gw-covad768k-cognitivetech.ncal.verio.com [207.20.238.29] (may be forged))
	by proxy2.ba.best.com (8.9.3/8.9.2/best.out) with ESMTP id IAA07562
	for <FreeBSD-security@freebsd.org>; Wed, 15 Sep 1999 08:27:11 -0700 (PDT)
Message-ID: <37DFBE91.A07AAF8B@stcinc.com>
Date: Wed, 15 Sep 1999 08:43:13 -0700
From: Gregory Carvalho <GregoryC@stcinc.com>
Reply-To: GregoryC@stcinc.com
Organization: Simplified Technology Company
X-Mailer: Mozilla 4.51 [en] (X11; I; FreeBSD 3.2-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: FreeBSD-security@freebsd.org
Subject: FreeBSD-SA-99:01 File Flags and Man-In-The-Middle Attack
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

It appears to me that this exploit can be avoided by logging in as root
on all virtual terminals and immediately logging back out. Does my
theory sound correct?

Cordially,
Gregory Carvalho		GregoryC@stcinc.com
Simplified Technology Company	http://www.stcinc.com
In God I Trust!


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message