If you have machines running -CURRENT from September 9 - September
29, _and_ you created an /etc/nsswitch.conf with any of `passwd: dns',
`group: dns', `passwd_compat: dns', `group_compat: dns', then you
are vulnerable to a local attack.
So upgrade :-)
(or just apply the small patch)
--
Jacques Vidrine / [EMAIL PROTECTED] / [EMAIL PROTECTED] / [EMAIL PROTECTED]
----- Forwarded message from Jacques Vidrine <[EMAIL PROTECTED]> -----
Date: Fri, 29 Sep 2000 05:56:34 -0700 (PDT)
From: Jacques Vidrine <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: cvs commit: src/lib/libc/net hesiod.c
nectar      2000/09/29 05:56:34 PDT

  Modified files:
    lib/libc/net         hesiod.c
  Log:
  Ignore HESIOD_CONFIG and HES_DOMAIN environmental variables for
  set-user-ID and set-group-ID programs.

  Suggested by: Danny Braniss <[EMAIL PROTECTED]>

  Revision  Changes    Path
  1.2       +13 -3     src/lib/libc/net/hesiod.c
----- End forwarded message -----
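
The pattern named in the commit log above, ignoring environment overrides in set-user-ID and set-group-ID programs, shown as an added C example. It is not part of the original message and is not the code from hesiod.c. The helper names and the default path are assumptions for illustration, and FreeBSD libc code would normally call issetugid() instead of comparing IDs.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumed default path, for illustration only (not taken from the commit). */
#define DEFAULT_CONF "/etc/hesiod.conf"

/* True when the real and effective IDs differ, i.e. the program was
 * started set-user-ID or set-group-ID. Portable approximation:
 * issetugid() on FreeBSD also stays true after the IDs are changed later. */
static int runs_privileged(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* "Before" behaviour: the invoker's environment always wins, so an
 * unprivileged user chooses what a privileged program loads. */
static const char *legacy_setting(const char *envname, const char *fallback)
{
    const char *v = getenv(envname);
    return (v != NULL && *v != '\0') ? v : fallback;
}

/* Hardened behaviour: honour the override only when the process holds
 * no more privilege than the user who set the environment. */
static const char *trusted_setting(const char *envname, const char *fallback,
                                   int privileged)
{
    if (privileged)
        return fallback;   /* never trust the invoker's environment */
    return legacy_setting(envname, fallback);
}

int main(void)
{
    int priv = runs_privileged();

    printf("privileged=%d\n", priv);
    printf("legacy : %s\n", legacy_setting("HESIOD_CONFIG", DEFAULT_CONF));
    printf("trusted: %s\n",
           trusted_setting("HESIOD_CONFIG", DEFAULT_CONF, priv));
    return 0;
}
```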