===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -r1.60 -r1.61
--- www/errata.html 1998/02/09 21:56:33 1.60
+++ www/errata.html 1998/02/14 02:20:37 1.61
@@ -26,7 +26,35 @@
revision 1.13 of usr.bin/readlink/readlink.c.
+
IMPORTANT
+A combination localhost+remote host security problem exists if a
+local user running a setuid binary causes a non-existant root .rhosts
+file to be created via a symbolic link with a specific kind of corefile,
+and then subsequently uses rsh/rlogin to enter the machine from remote.
+A similar exploit might also be possible using sshd which lacks any code
+for checking for deviations from the expected format in the .rhosts or
+.shosts files, but we have not confirmed this yet. The following two
+fixes are recommended:
+
+
+
+This problem is fixed much better in OpenBSD-current, where the kernel's
+symbolic link handling has been improved such that coredumping will not
+create a file on the other side of a symbolic link. Such a patch is not
+possible for the 4.4lite1 VFS layer in the OpenBSD 2.2 kernel.
+
+
i386
@@ -319,7 +347,7 @@
www@openbsd.org
-
$OpenBSD: errata.html,v 1.60 1998/02/09 21:56:33 jason Exp $
+
$OpenBSD: errata.html,v 1.61 1998/02/14 02:20:37 deraadt Exp $