Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 23 Feb 1999 03:21:09 -0800 (PST)
From:      Kris Kennaway <kris@FreeBSD.org>
To:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: ports/sysutils/wmmon Makefile ports/sysutils/wmmon/pkg DESCR
Message-ID:  <199902231121.DAA63159@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help
kris        1999/02/23 03:21:09 PST

  Modified files:
    sysutils/wmmon       Makefile 
    sysutils/wmmon/pkg   DESCR 
  Log:
  The wmmon port likes to install itself setuid root. Unfortunately, it has a
  major security hole (and at least one minor one) resulting in a local root
  exploit. Until a better fix is available, this patch installs the binary
  chmod go-s, meaning you must be root to run it. If anyone is using this in
  a multi-user environment they are strongly advised to remove the setuid bit.
  
  Submitted by: Steve Reid <sreid@alpha.sea-to-sky.net>
  
  Revision  Changes    Path
  1.6       +3 -3      ports/sysutils/wmmon/Makefile
  1.2       +4 -0      ports/sysutils/wmmon/pkg/DESCR


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199902231121.DAA63159>