COMMAND

    BSD File Flags and Programming Techniques

SYSTEMS AFFECTED

    FreeBSD 3.2 (and earlier), FreeBSD-current before the correction date

PROBLEM

    BSD 4.4 added various  flags to files in  the file system.   These
    flags control  various aspects  of which  operations are permitted
    on those files.  Historically, root  has been been able to do  all
    of these operations so many  programs that knew they were  running
    as root didn't check to make sure that these operations succeeded.
    A user  can set  flags and  mode on  the device  which they logged
    into.  Since a bug in login and other similar programs causes  the
    normal chown  to fail,  this first  user will  own the terminal of
    any login.

    Local users  can execute  a man-in-the-middle  attack against  any
    other user (including  root) when the  other users logs  in.  This
    give them the ability  to snoop and alter  all text that the  user
    writes.  Results of this  include the ability to execute  commands
    as the user, and stealing  the user's password (and anything  else
    the  users  writes  over  the  connection, including passwords for
    other machines).

SOLUTION

    Corrected:

        FreeBSD-3.3 RELEASE
        FreeBSD-current as of 1999/08/02
        FreeBSD-3.2-stable as of 1999/08/02
        FreeBSD-2.2.8-stable as of 1999/08/04

    Patches:

        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-99:01/