From owner-freebsd-security Wed Sep 15 11:54:46 1999 Delivered-To: freebsd-security@freebsd.org Received: from proxy4.ba.best.com (proxy4.ba.best.com [206.184.139.15]) by hub.freebsd.org (Postfix) with ESMTP id D037014CF0 for ; Wed, 15 Sep 1999 11:54:44 -0700 (PDT) (envelope-from GregoryC@stcinc.com) Received: from stcinc.com (gw-covad768k-cognitivetech.ncal.verio.com [207.20.238.29] (may be forged)) by proxy4.ba.best.com (8.9.3/8.9.2/best.out) with ESMTP id LAA20235; Wed, 15 Sep 1999 11:52:24 -0700 (PDT) Message-ID: <37DFEEAB.FC57FFDB@stcinc.com> Date: Wed, 15 Sep 1999 12:08:27 -0700 From: Gregory Carvalho Reply-To: GregoryC@stcinc.com Organization: Simplified Technology Company X-Mailer: Mozilla 4.51 [en] (X11; I; FreeBSD 3.2-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: Kelsey Cummings , FreeBSD-Security@FreeBSD.ORG Subject: Re: FreeBSD-SA-99:01 File Flags and Man-In-The-Middle Attack References: <37DFBE91.A07AAF8B@stcinc.com> <0d3001beffa9$2f55f170$33f9c9d0@neteze.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This is all I could come up with from the CIAC (http://www.ciac.org) bulletin ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-99:01/ Kelsey Cummings wrote: > > Do you have a link to the report? TIA. > > ----- Original Message ----- > From: Gregory Carvalho > To: > Sent: Wednesday, September 15, 1999 8:43 AM > Subject: FreeBSD-SA-99:01 File Flags and Man-In-The-Middle Attack > > > It appears to me that this exploit can be avoided by logging in as root > > on all virtual terminals and immediately logging back out. Does my > > theory sound correct? > > Cordially, Gregory Carvalho GregoryC@stcinc.com Simplified Technology Company http://www.stcinc.com In God I Trust! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message