From owner-FreeBSD-users-jp@jp.freebsd.org  Sun Jul 29 10:44:51 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id KAA79024;
	Sun, 29 Jul 2001 10:44:51 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from rcpt-expgw.biglobe.ne.jp (rcpt-expgw.biglobe.ne.jp [210.147.6.215])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id KAA79019
	for <FreeBSD-users-jp@jp.freebsd.org>; Sun, 29 Jul 2001 10:44:51 +0900 (JST)
	(envelope-from yatt@msc.biglobe.ne.jp)
Received: from smtp-gw.biglobe.ne.jp
	by rcpt-expgw.biglobe.ne.jp (8.9.3+3.2W/3.7W-01061908) with ESMTP id KAA07564
	for <FreeBSD-users-jp@jp.freebsd.org>; Sun, 29 Jul 2001 10:44:25 +0900 (JST)
X-Biglobe-Sender: <yatt@msc.biglobe.ne.jp>
Received: from localhost (211.135.128.69 [211.135.128.69]) by smtp-gw.biglobe.ne.jp
	id KABAC0A82642; Sun, 29 Jul 2001 10:44:44 +0900 (JST)
Date: Sun, 29 Jul 2001 10:44:40 +0900 (JST)
Message-Id: <20010729.104440.46096704.yatt@msc.biglobe.ne.jp>
To: FreeBSD-users-jp@jp.freebsd.org
From: Yoichi ASAI <yatt@msc.biglobe.ne.jp>
In-Reply-To: <20010729092101.BE31.KUSUNOKI@mbox.kyoto-inet.or.jp>
References: <20010729092101.BE31.KUSUNOKI@mbox.kyoto-inet.or.jp>
X-Mailer: Mew version 2.0 on XEmacs 21.1.14 (Cuyahoga Valley)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+010328
X-Sequence: FreeBSD-users-jp 63301
Subject: [FreeBSD-users-jp 63301] Re: [Q] ports FORBIDDEN
 =?ISO-2022-JP?B?GyRCJWElQyU7ITwlOBsoQg==?= 
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: yatt@msc.biglobe.ne.jp

$B@u0f$G$9!#(B

Kusunoki Kaoru <kusunoki@mbox.kyoto-inet.or.jp> $B$5$s$O=q$-$^$7$?!#(B

> FreeBSD 4.3 $B$K(B
> minicom $B$r(B ports $B$+$i%$%s%9%H!<%k$7$h$&$H$7$?$H$3$m(B
> $B:G?7$N(B port $B$G$O(B
> 
> ===> minicom-1.83.1_2 is forbidden:Local exploit yielding uid uucp
> 
> $B$,I=<($5$l!"%$%s%9%H!<%k$G$-$^$;$s$,!"$3$l$O(B
> uucp$B!!$,$"$k$N$G$=$l$r$D$+$(!"$b$7$/$O!!(Buucp $B$r$O$:$5$J$$$H%@%a$H$$$&$+!"(B
> $B$H$$$&$3$H$G$7$g$&$+!#(B

Local exploit yielding uid uucp $B$O!"!V%m!<%+%k$NIT@5MxMQ$r@8$`(B
uucp $B%f!<%6!W$r;HMQ$9$k$+$i4m81$G$9!"$H$$$&$3$H$G$7$g$&!#(B

> 1.
> $B$J$<!"D>6a$N(B Makefile 1.3.5 $B$^$G$O(B forbidden $B$5$l$F$J$+$C$?$b$N$,(B
> $B$3$&$J$C$?$N$4B8CN!"?d;!$G$-$kJ}$O$*$j$^$;$s$+!#(B
> 2.
> $B$=$7$F!"$+$j$K(Buucp $B$N4XO"%U%!%$%k$N$_$N:o=|$r$9$k$H$7$F!"$=$l$C$F2DG=$G(B
> $B$7$?$G$7$g$&$+!#(B
> pkg_delete $B$O$D$+$($J$$$H;W$C$F$k$N$G$9$,!#$$$+$,$G$7$g$&$+!#(B
> 3.
> ports $B$G(B FORBIDDEN $B$5$l$kM}M3$ND4$YJ}$ODL>o2?$r$7$?$i$o$+$j$^$9$+!#(B

$B$3$N(B port $B$K$D$$$F$O>\$7$/$J$$$N$G(B 3. $B$7$+Ez$($i$l$^$;$s$,!"(B
CVSweb $B$"$?$j$G(B CVS $B%3%_%C%H%m%0$rC5$k$N$,0lHV$N6aF;$G$7$g$&!#(B
minicom $B$N>l9g$O$3$l!#(B
http://www.freebsd.org/cgi/cvsweb.cgi/ports/comms/minicom/Makefile

$B%m%0$K$O!"(B

Mark FORBIDDEN; this port allows a local exploit yielding uid uucp
Submitted by:	empathy@feelings.com

$B$H=q$+$l$F$$$^$9$+$i!"",$3$NJ}$b$7$/$O(B comitter $B$5$s$K<ALd$9$k$HNI(B
$B$$$+$b$7$l$^$;$s!#(B

--
Yoichi ASAI ($B@u0f(B $BM[0l(B) <yatt@msc.biglobe.ne.jp>
