Re: ports/15577: Amanda 2.3.0 runtar program allow any user to run tar as root

Subject: Re: ports/15577: Amanda 2.3.0 runtar program allow any user to run tar as root
From: Steve Price (spricehiwaay.net)
Date: Tue Dec 28 1999 - 17:38:36 CST

• Next message: Markus Friedl: "Re: OpenSSH vulnerable to protocol flaw?"
• Previous message: Brian W. Buchanan: "Re: Mounting / Read-Only"
• In reply to: Spidey: "ports/15577: Amanda 2.3.0 runtar program allow any user to run tar as root"
• Reply: Steve Price: "Re: ports/15577: Amanda 2.3.0 runtar program allow any user to run tar as root"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 28 Dec 1999, Spidey wrote:

# Hi.
#
# I don't know if any of you took a look at this PR I made, but I think
# it would be a good idea.
#
# I would like to have your advice on the modifications I am
# suggesting.
#
# Also, it would be urgent to mark the port either as broken or commit
# the fix, as, right now, anyone who installs the amanda 2.3 package
# from the ports or the packages is very likely to get *wacked* by its
# local users.
#
# Should I have posted this earlier to the list? I thought someone would
# have noticed the PR...

I noticed the problem report. The 'patch' needs help, but I've
almost got something that I think accomplishes the spirit of the
PR at least. Look for it to get committed, later tonight.

-steve

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Next message: Markus Friedl: "Re: OpenSSH vulnerable to protocol flaw?"
• Previous message: Brian W. Buchanan: "Re: Mounting / Read-Only"
• In reply to: Spidey: "ports/15577: Amanda 2.3.0 runtar program allow any user to run tar as root"
• Reply: Steve Price: "Re: ports/15577: Amanda 2.3.0 runtar program allow any user to run tar as root"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b27 : Tue Dec 28 1999 - 17:39:10 CST