At 4:28 PM -0500 6/11/98, Steve Siirila wrote: >I can confirm that the patch 104490-05 is indeed ineffective against at least >one root compromise bug. We experienced such a compromise recently even with >the latest security patches (including 104490-05) installed. > >We decided to simply make ufsdump/ufsrestore non-setuid, non-setgid as they >are never run by non-root users at our site anyways. We also have evidence patch 104490-05 does not fully address the problem. In a e-mail responce we received from Sun on May 23 in regards to our security concerns about ufsrestore at current patch level, they stated they were working on patches for ufsrestore. Richard Peters University of California at Berkeley
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:57:33 PDT