Date: Thu, 2 Dec 1999 15:59:24 -0800
From: Matthew Hunt
To: Kris Kennaway
Cc: Jason DiCioccio, chat@FreeBSD.ORG, advocacy@FreeBSD.ORG
Subject: Re: Vulnerability postings..
Message-ID: <19991202155924.A80952@wopr.caltech.edu>

On Thu, Dec 02, 1999 at 03:26:17PM -0800, Kris Kennaway wrote:

> In my response to the bugtraq post I corrected which ones were actually
> our fault and which not.

Just for the record, installing angband sgid was not a result of me smoking crack. It is written to be installed that way, aside from the fact that the author knows squat about security. (The source does not ship with an install target, so I did write the code to install sgid.) Grepping for "uid" in the source should make it clear that set[ug]id functionality is intended.

As of today, the port installs non-sgid, but this requires two mode 1777 directories, breaks the high-score file, and probably lets players do bad things to each other's ability to play the game.

Matt

--
Matthew Hunt * Stay close to the Vorlon.
http://www.pobox.com/~mph/ *