[原文]NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials.
NetBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious attacker uses exec() to spawn a replacement process that can defeat ptrace()'s check on P_SUGID. This flaw will allow debugger attachment to the replacement process, leading to a loss of integrity.
Upgrade to version 2.1 after the correction date or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workarounds: mount filesystems with the nosuid option, or remove setuid bits or general user access from setuid programs. These workarounds are likely to affect required functionality.