From owner-cvs-all  Tue Feb 23  3:21:12 1999
Delivered-To: cvs-all@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 681CD10EBC; Tue, 23 Feb 1999 03:21:09 -0800 (PST)
	(envelope-from kris@FreeBSD.org)
Received: (from kris@localhost)
	by freefall.freebsd.org (8.9.2/8.9.2) id DAA63159;
	Tue, 23 Feb 1999 03:21:09 -0800 (PST)
	(envelope-from kris@FreeBSD.org)
Message-Id: <199902231121.DAA63159@freefall.freebsd.org>
From: Kris Kennaway <kris@FreeBSD.org>
Date: Tue, 23 Feb 1999 03:21:09 -0800 (PST)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/sysutils/wmmon Makefile ports/sysutils/wmmon/pkg
         DESCR
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

kris        1999/02/23 03:21:09 PST

  Modified files:
    sysutils/wmmon       Makefile 
    sysutils/wmmon/pkg   DESCR 
  Log:
  The wmmon port likes to install itself setuid root. Unfortunately, it has a
  major security hole (and at least one minor one) resulting in a local root
  exploit. Until a better fix is available, this patch installs the binary
  chmod go-s, meaning you must be root to run it. If anyone is using this in
  a multi-user environment they are strongly advised to remove the setuid bit.
  
  Submitted by: Steve Reid <sreid@alpha.sea-to-sky.net>
  
  Revision  Changes    Path
  1.6       +3 -3      ports/sysutils/wmmon/Makefile
  1.2       +4 -0      ports/sysutils/wmmon/pkg/DESCR


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message