From owner-freebsd-security Tue Dec 28 11: 9: 6 1999 Delivered-To: freebsd-security@freebsd.org Received: from anarcat.dyndns.org (phobos.IRO.UMontreal.CA [132.204.20.20]) by hub.freebsd.org (Postfix) with ESMTP id 7E193154AA for ; Tue, 28 Dec 1999 11:08:53 -0800 (PST) (envelope-from spidey@anarcat.dyndns.org) Received: by anarcat.dyndns.org (Postfix, from userid 1000) id 796301A63; Tue, 28 Dec 1999 14:06:30 -0500 (EST) From: Spidey MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <14441.2614.114877.349074@anarcat.dyndns.org> Date: Tue, 28 Dec 1999 14:06:30 -0500 (EST) To: freebsd-security@freebsd.org Subject: ports/15577: Amanda 2.3.0 runtar program allow any user to run tar as root X-Mailer: VM 6.72 under 21.1 (patch 7) "Biscayne" XEmacs Lucid Reply-To: Spidey Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi. I don't know if any of you took a look at this PR I made, but I think it would be a good idea. I would like to have your advice on the modifications I am suggesting. Also, it would be urgent to mark the port either as broken or commit the fix, as, right now, anyone who installs the amanda 2.3 package from the ports or the packages is very likely to get *wacked* by its local users. Should I have posted this earlier to the list? I thought someone would have noticed the PR... Thanks. The AnarCat -- Si l'image donne l'illusion de savoir C'est que l'adage pretend que pour croire, L'important ne serait que de voir Lofofora To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message