If you have machines running -CURRENT from September 9 - September 29, _and_ you created an /etc/nsswitch.conf with any of `passwd: dns', `group: dns', `passwd_compat: dns', `group_compat: dns', then you are vulnerable to a local attack. So upgrade :-) (or just apply the small patch) -- Jacques Vidrine / [EMAIL PROTECTED] / [EMAIL PROTECTED] / [EMAIL PROTECTED] ----- Forwarded message from Jacques Vidrine <[EMAIL PROTECTED]> ----- Date: Fri, 29 Sep 2000 05:56:34 -0700 (PDT) From: Jacques Vidrine <[EMAIL PROTECTED]> To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: cvs commit: src/lib/libc/net hesiod.c nectar 2000/09/29 05:56:34 PDT Modified files: lib/libc/net hesiod.c Log: Ignore HESIOD_CONFIG and HES_DOMAIN environmental variables for set-user-ID and set-group-ID programs. Suggested by: Danny Braniss <[EMAIL PROTECTED]> Revision Changes Path 1.2 +13 -3 src/lib/libc/net/hesiod.c ----- End forwarded message ----- To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message