Date: Fri, 17 May 1996 14:21:48 -0400 From: Garrett Wollman <wollman@lcs.mit.edu> To: Paul Traina <pst@shockwave.com> Cc: "Jordan K. Hubbard" <jkh@time.cdrom.com>, davidg@root.com, "Jordan K. Hubbard" <jkh@freefall.freebsd.org>, committers@freefall.freebsd.org, security@freebsd.org Subject: Re: cvs commit: src/sbin Makefile Message-ID: <9605171821.AA05895@halloran-eldar.lcs.mit.edu> In-Reply-To: <199605171749.KAA00487@precipice.shockwave.com> References: <273.832325899@time.cdrom.com> <199605171749.KAA00487@precipice.shockwave.com>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Fri, 17 May 1996 10:49:43 -0700, Paul Traina <pst@shockwave.com> said: > Here's my current *DRAFT* advisory, I'm certain it's not perfect > (i.e. is 2.0.5 and 2.0 affected too?) Yes. This bug has been in there since the 2.0. The fix should be the same for all release versions of libc (make a diff with -kk so that the different RCS Ids don't cause the patch to partially fail). > I definitely want to check to see if NetBSD has this bug too (in > a different form) so we can warn them. I'd be very surprised. > FreeBSD SA-96:09 mount_union unauthorized super-user access mount_msdos is also affected. All of the mount_* programs can be affected if `root' has an insecure path and attempts to mount a filesystem type not already in the kernel. > Category: core > Module: mount_union > Announced: 1996-05-17 > Affects: FreeBSD 2.1, 2.1-stable, and 2.2-current > Corrected: 1996-05-17 2.1-stable and 2.2-current sources Not yet in -stable. Doing that right now. > Source: 4.4 BSD bug No. 4.4 didn't have LKMs. > FreeBSD only: unknown Yes. -GAWollman -- Garrett A. Wollman | Shashish is simple, it's discreet, it's brief. ... wollman@lcs.mit.edu | Shashish is the bonding of hearts in spite of distance. Opinions not those of| It is a bond more powerful than absence. We like people MIT, LCS, ANA, or NSA| who like Shashish. - Claude McKenzie + Florent Vollant
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9605171821.AA05895>