COMMAND

    restore0.9

SYSTEMS AFFECTED

    NeXT Release 1.0 and 1.0a

PROBLEM

    A  script  exists  in  /usr/etc/restore0.9  that is a setuid shell
    script.   The existence  of this  script is  a potential  security
    problem.

    The  script  is  only  needed  during the installation process and
    isn't needed for normal usage.   It is possible for any logged  in
    user to gain root access.

SOLUTION

    NeXT  owners   running  Release   1.0  or   1.0a  should    remove
    /usr/etc/restore0.9 from  all disks.   This file  is installed  by
    the  "BuildDisk"  application,  so  it  should be removed from all
    systems built with the standard release disk, as well as from  the
    standard release  disk itself  (which will  prevent the  file from
    being installed on system built with the standard release disk  in
    the future).   You must  be root  to remove  this script,  and the
    command that will remove the script is the following:

    # /bin/rm /usr/etc/restore0.9