[12225] in bugtraq

Re: Your Message Sent on Mon, 11 Oct 1999 18:09:36 +0200

daemon@ATHENA.MIT.EDU (Darren Moffat)
Tue Oct 12 17:16:35 1999

Mime-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-Md5: xZWVcPv4DdQjALA1HDYrCg==
Message-Id:  <199910121835.TAA07158@otis.UK.Sun.COM>
Date:         Tue, 12 Oct 1999 11:35:09 -0700
Reply-To: Darren Moffat <darren.moffat@sunuk.UK.Sun.COM>
From: Darren Moffat <darren.moffat@SUNUK.UK.SUN.COM>
X-To:         Bruno.Treguier@SHOM.FR
To: BUGTRAQ@SECURITYFOCUS.COM

>We called Sun today, and obviously they don't give a damn. They refuse to
>consider this as a bug, as long as it is possible to correct the problem via
>the rmmount.conf file (which is true).

Firstly I can only give my apologies for this, and assure everyone on
BUGTRAQ that I am looking into this.  We at Sun do care about security
and we try to react to the information we get on this forum as quickly
as possible.  However not everyone at Sun is security aware and people
do make mistakes.

The behaviour is a bug (Bug Ref# 4205437) and it is being fixed.  For
those people who have a service contract you should be able to call up
and register your interest in that bug, it has been escalated to
engineering for patch production and temporary fixes are available for
those with service contracts.

If you have a service contract and have any problems with this
particular bug then please contact me directly with the service order
number you were given by Sun Enterprise Services.

Note that the following workaround is still valid:

Append the following to /etc/rmmount.conf

mount hsfs -o nosuid
mount ufs -o nosuid

--
Darren J Moffat
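
An added example, not part of the original message or any Sun tooling: a small shell check that reports which of the two filesystem types named in the workaround still lack a nosuid mount line, and appends only the missing lines. The function names are hypothetical, a POSIX awk is assumed (nawk on Solaris), and accepting extra tokens between "mount" and "-o" is an assumption about how site files may be written.

```shell
#!/bin/sh
# Added example: audit and apply the nosuid workaround from the message above.
# The file is passed as an argument so the check can be tried on a copy first.

# Print each filesystem type (hsfs, ufs) that has no uncommented
# "mount ... <fs> ... -o <options containing nosuid>" line in file $1.
missing_nosuid() {
    for fs in hsfs ufs; do
        awk -v fs="$fs" '
            /^[ \t]*#/ { next }                     # skip commented-out lines
            $1 == "mount" {
                seen_fs = 0; seen_o = 0
                for (i = 2; i <= NF; i++) {
                    if ($i == "-o") { seen_o = 1; continue }
                    if (!seen_o && $i == fs) seen_fs = 1
                    if (seen_o && seen_fs) {        # option list for this fs type
                        n = split($i, opts, ",")
                        for (j = 1; j <= n; j++)
                            if (opts[j] == "nosuid") found = 1
                    }
                }
            }
            END { exit found ? 0 : 1 }
        ' "$1" || echo "$fs"
    done
}

# Append the workaround line for each type that is still missing.
# Running it a second time adds nothing.
apply_workaround() {
    for fs in $(missing_nosuid "$1"); do
        printf 'mount %s -o nosuid\n' "$fs" >> "$1"
    done
}

# Stand-alone use: report missing types for the file given on the command line.
if [ "$#" -eq 1 ]; then
    missing_nosuid "$1"
fi
```

Empty output from missing_nosuid means both hsfs and ufs already have a nosuid line in the file that was checked.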
