From owner-freebsd-security  Mon Jul 15 03:18:17 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id DAA26044
          for security-outgoing; Mon, 15 Jul 1996 03:18:17 -0700 (PDT)
Received: from orion.webspan.net (root@orion.webspan.net [206.154.70.41])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id DAA26037
          for <freebsd-security@freebsd.org>; Mon, 15 Jul 1996 03:18:14 -0700 (PDT)
Received: from localhost (gpalmer@localhost [127.0.0.1]) by orion.webspan.net (8.7.5/8.6.12) with SMTP id GAA03592; Mon, 15 Jul 1996 06:18:05 -0400 (EDT)
X-Authentication-Warning: orion.webspan.net: Host gpalmer@localhost [127.0.0.1] didn't use HELO protocol
To: -Vince- <vince@mercury.gaianet.net>
cc: jbhunt <jbhunt@mercury.gaianet.net>, freebsd-security@freebsd.org,
        root@mercury.gaianet.net
From: "Gary Palmer" <gpalmer@freebsd.org>
Subject: Re: New EXPLOIT located! 
In-reply-to: Your message of "Mon, 15 Jul 1996 01:21:07 PDT."
             <Pine.BSF.3.91.960715012012.1637F-100000@mercury.gaianet.net> 
Date: Mon, 15 Jul 1996 06:18:05 -0400
Message-ID: <3588.837425885@orion.webspan.net>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

-Vince- wrote in message ID
<Pine.BSF.3.91.960715012012.1637F-100000@mercury.gaianet.net>:
> > You *HAVE* applied the rdist patch(es), or better yet, DISABLED rdist
> > totally, haven't you?

> 	Only took out the setuid flag... Have the patches been applied to 
> the latest -current since I just recompiled rdist from the latest 
> -current sources...

Huh? rdist shouldn't be vunerable if it HAS had the setuid bit
removed... (unless I really am mis-understanding something)

Gary
--
Gary Palmer                                          FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info