Re: Environment Poisoning and login -p
From: Mike Hoskins (mike_at_adept.org)
Date: 02/27/04
- Previous message: FreeBSD Security Advisories: "FreeBSD Security Advisory FreeBSD-SA-04:03.jail"
- In reply to: Dag-Erling Smørgrav: "Re: Environment Poisoning and login -p"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 27 Feb 2004 11:43:50 -0800 (PST) To: freebsd-security@FreeBSD.ORG
On Fri, 27 Feb 2004, Dag-Erling [iso-8859-1] Smørgrav wrote:
> Agreed, let's let this discussion die instead. login(1) is no longer
> setuid root, so the whole thing is a non-issue.
to be complete, i assume you mean under 5.x:
mike@snafu{mike}$ uname -r
4.8-RELEASE-p15
mike@snafu{mike}$ ls -al /usr/bin/login
-r-sr-xr-x 1 root wheel 21824 Feb 23 13:45 /usr/bin/login*
hard to believe, but not everyone is using 5.x. ;) still, since 5.x is
stable and fast (...er than 4.x in many ways), i agree making extra work
in the name of 4.x is probably not the best idea when development
resources are already scare.
(of course if someone is paranoid and wants to make relevant patches
against 4.x, and maintain them seperately, i'm sure at least some people
wouldn't object.)
-m
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: FreeBSD Security Advisories: "FreeBSD Security Advisory FreeBSD-SA-04:03.jail"
- In reply to: Dag-Erling Smørgrav: "Re: Environment Poisoning and login -p"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
