From owner-doc-jp-work@jp.FreeBSD.org Wed May 22 00:09:15 2002
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id g4LF9Fi10454;
	Wed, 22 May 2002 00:09:15 +0900 (JST)
	(envelope-from owner-doc-jp-work@jp.FreeBSD.org)
Received: from wasley.bl.mmtr.or.jp (wasley.bl.mmtr.or.jp [210.228.160.21])
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with SMTP/inet id g4LF9Ev10448
	for <doc-jp-work@jp.FreeBSD.org>; Wed, 22 May 2002 00:09:14 +0900 (JST)
	(envelope-from rushani@bl.mmtr.or.jp)
Received: (qmail 28793 invoked from network); 22 May 2002 00:09:12 +0900
Received: from unknown (HELO localhost) (210.165.137.222)
  by mx.bl.mmtr.or.jp with SMTP; 22 May 2002 00:09:12 +0900
Date: Tue, 21 May 2002 19:44:20 +0900 (JST)
Message-Id: <20020521.194420.92586837.rushani@bl.mmtr.or.jp>
To: doc-jp-work@jp.FreeBSD.org
From: Hideyuki KURASHINA <rushani@bl.mmtr.or.jp>
In-Reply-To: <20020521.032240.112622950.hrs@eos.ocn.ne.jp>
References: <200205201608.g4KG8Ee23981@freefall.freebsd.org>
	<20020521.032240.112622950.hrs@eos.ocn.ne.jp>
Organization: Nagaoka National College of Technology
X-PGP-Fingerprint: A052 6F98 6146 6FE3 91E2  DA6B F2FA 2088 439A DC57
X-URL: http://www.bl.mmtr.or.jp/~rushani/
X-Mailer: Mew version 3.0.54 on Emacs 21.2 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Reply-To: doc-jp-work@jp.FreeBSD.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+020417
X-Sequence: doc-jp-work 370
Subject: [doc-jp-work 370] Re: ANNOUNCE: FreeBSD Security Advisory
 FreeBSD-SA-02:25.bzip2
Errors-To: owner-doc-jp-work@jp.FreeBSD.org
Sender: owner-doc-jp-work@jp.FreeBSD.org
X-Originator: rushani@bl.mmtr.or.jp

$BARIJ$G$9(B.
$B$*$D$+$l$5$^$G$9(B.
>>> On Tue, 21 May 2002 03:22:40 +0900 (JST), Hiroki Sato <hrs@eos.ocn.ne.jp> said:

> $B:4F#!wEl5~M}2JBg3X$G$9!#(B
[...]
>  02:25 $B$G$9!#(B

$B$[$H$s$ILdBj$J$$$H;W$&$s$G$9$,!D(B,

> III. $B1F6AHO0O(B - Impact
> 
> 1) Files may be inadvertently overwritten without warning.
> 1) $B%U%!%$%k$,7Y9p$J$7$K>e=q$-$5$l$k4m81@-$,$"$j$^$9!#(B
> 
> 2) Due to the race condition between creating files and setting proper
> permissions, a local user may be able to read the contents of files
> regardless of their intended permissions.
> 2) $B%U%!%$%k$N:n@.$HE,@Z$J5v2DB0@-$N@_Dj$N4V$K6%9g>uBV$,B8:_$9$k$?$a!"(B
>    $B%m!<%+%k%f!<%6$O@_Dj$7$h$&$H$7$F$$$k5v2DB0@-$H$OL54X78$K!"(B
>    $B$=$N%U%!%$%k$NFbMF$rFI$`$3$H$,$G$-$k2DG=@-$,$"$j$^$9!#(B

  $B!V@_Dj$7$h$&$H$7$F$$$k5v2DB0@-$H$OL54X78$K!"%m!<%+%k%f!<%6$,(B
    $B$=$N%U%!%$%k$NFbMF$rFI$`$3$H$,$G$-$k2DG=@-$,$"$j$^$9!#!W(B

$B$H$7$?J}$,F|K\8l$H$7$F$O$$$$$s$G$O$J$$$+$H;W$$$^$9(B.

----
Hideyuki KURASHINA              / Nagaoka National College of Technology
rushani@{bl.mmtr,yk.rim}.or.jp /  ac14806t@st.nagaoka-ct.ac.jp
