[16194] in bugtraq
FreeBSD and suidperl
daemon@ATHENA.MIT.EDU (Kris Kennaway)
Fri Aug 11 22:35:08 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSF.4.21.0008101439330.54452-100000@freefall.freebsd.org>
Date: Thu, 10 Aug 2000 14:43:17 -0700
Reply-To: Kris Kennaway <kris@FREEBSD.ORG>
From: Kris Kennaway <kris@FREEBSD.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
Just wanted to confirm for the audience that no versions of FreeBSD are
vulnerable to the suidperl exploit because of the hardcoded /bin/mail path
which does not exist on FreeBSD (all 4.4BSD-derived systems?).
We won't be releasing an advisory, because I think releasing an advisory
saying nothing but "Attention! Attention! This program is not insecure!
Carry on." is silly :-)
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
