> It appears from source examination that P_SUGID is forgotten at fork()
 > time. 

When FreeBSD discovered this about a month ago and it appeared on
bugtraq(*), I forwarded the info to security-officer, and received
word back it had been fixed. I can't find the actual message,
unfortunately, but I found another message referring to it.

If the fix didn't in fact make it in that time (would have been
Feb. 17th or 18th, I believe)... well, that's kinda bad. :(


(*) Nobody on bugtraq mentioned any of the interesting possibilities
besides being able to get rlogin cores and thus maybe shadow
passwords. I've been waiting for AUSCERT so I haven't posted it
myself... 

-- 
   - David A. Holland             |    VINO project home page:
     dholland@eecs.harvard.edu    | http://www.eecs.harvard.edu/vino