Date: Wed, 18 Jul 2007 12:10:07 GMT From: Cristian KLEIN <cristi@net.utcluj.ro> To: freebsd-ports-bugs@FreeBSD.org Subject: Re: ports/112754: VERY SERIOUS security bug in sysutils/eject Message-ID: <200707181210.l6ICA7lW026280@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/112754; it has been noted by GNATS. From: Cristian KLEIN <cristi@net.utcluj.ro> To: bug-followup@FreeBSD.org, ighighi@gmail.com Cc: Subject: Re: ports/112754: VERY SERIOUS security bug in sysutils/eject Date: Wed, 18 Jul 2007 15:01:17 +0300 Besides the change suggested by the reporter, I would also recommend the following pkg-message: NOTE: This port is no longer installed with SETUID, because it allows non-privileged users to unmount a filesystem. To enable your users to eject the CD-ROM, install security/sudo and enter the following line in /usr/local/etc/sudoers: %users ALL=/usr/local/sbin/eject /dev/acd0
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200707181210.l6ICA7lW026280>