*BSD News Article 88628


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!lucy.swin.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!howland.erols.net!newsxfer3.itd.umich.edu!agate!theos.com!deraadt
From: deraadt@theos.com (Theo de Raadt)
Newsgroups: comp.os.linux.advocacy,comp.unix.bsd.misc,comp.os.linux.misc
Subject: Re: Linux vs BSD
Date: 07 Feb 1997 14:35:45 GMT
Organization: Theo Ports Kernels For Fun And Profit
Lines: 19
Message-ID: <DERAADT.97Feb7073546@zeus.theos.com>
References: <32DFFEAB.7704@usa.net> <KETIL-ytqiv47v56j.fsf@pinro.imr.no>
	<5daavp$8lp@panix2.panix.com> <KETIL-ytqbu9yfheu.fsf@imr.no>
	<5dfcpj$t45@agate.berkeley.edu>
NNTP-Posting-Host: zeus.theos.com
In-reply-to: nickkral@cal.alumni.berkeley.edu's message of 7 Feb 1997 14:04:35 GMT
Xref: euryale.cc.adfa.oz.au comp.os.linux.advocacy:82823 comp.unix.bsd.misc:2368 comp.os.linux.misc:156837

In article <5dfcpj$t45@agate.berkeley.edu> nickkral@cal.alumni.berkeley.edu (Nick Kralevich) writes:
   I'm suprised that no one has mentioned that all current FreeBSD releases
   have a bug that allows ANY suid program to be used to gain root access.

Please don't extrapolate this towards the other BSD systems, though ;)

Actually, BSD code was far from perfect.  No code ever is.  Except
perhaps /usr/bin/true.

   Or the fact that FreeBSD security holes aren't even posted to the
   FreeBSD newsgroup.  

Or that the bug was reported in many public places more than a week
ago by Thomas Ptacek.  But I can see how absolutely harrowing this
discovery must be to the FreeBSD developers.

--
This space not left unintentionally unblank.		deraadt@theos.com
www.OpenBSD.org -- We're fixing security problems so you can sleep at night.