7th Sep 1999 [SBWID-120]
COMMAND
	    BSD File Flags and Programming Techniques
SYSTEMS AFFECTED
	    FreeBSD 3.2 (and earlier), FreeBSD-current before the correction date
PROBLEM
	    BSD 4.4 added various flags to files in the file system. These
	    flags control various aspects of which operations are permitted
	    on those files. Historically, root has been able to do all
	    of these operations, so many programs that knew they were running
	    as root didn't check to make sure that these operations succeeded.
	    A user can set flags and mode on the device which they logged
	    into. Since a bug in login and other similar programs causes the
	    normal chown to fail, this first user will own the terminal of
	    any login.
	    Local users can execute a man-in-the-middle attack against any
	    other user (including root) when the other user logs in. This
	    gives them the ability to snoop and alter all text that the user
	    writes. Results of this include the ability to execute commands
	    as the user, and stealing the user's password (and anything else
	    the user writes over the connection, including passwords for
	    other machines).
SOLUTION
	    Corrected:
	
	        FreeBSD-3.3 RELEASE
	        FreeBSD-current as of 1999/08/02
	        FreeBSD-3.2-stable as of 1999/08/02
	        FreeBSD-2.2.8-stable as of 1999/08/04
	
	    Patches:
	
	        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-99:01/
	
	
