Date: Fri, 03 Apr 1998 15:48:34 -0500 From: Gary Schrock <root@eyelab.psy.msu.edu> To: Doug White <dwhite@resnet.uoregon.edu> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: SIGQUIT in login and ftpd? Message-ID: <199804032046.PAA13319@eyelab.psy.msu.edu> In-Reply-To: <Pine.BSF.3.96.980403123903.10860E-100000@gdi.uoregon.edu> References: <199804030238.VAA08763@eyelab.psy.msu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
At 12:40 PM 4/3/98 -0800, you wrote: >On Thu, 2 Apr 1998, Gary Schrock wrote: > >> Any ideas on what might be causing login or ftpd to get SIGQUIT signals? >> I've been seeing them periodically on one machine, and can't connect it up >> with anything else that looks odd at the time. > >There used to be a security hole with these (still is?) that SIGQUITting >them causes them to coredump, and in the dump is the password file. I >don't know if we fixed this or not, or if using login.conf limits we >disabled coredumps on normal daemons. Yeah, I recall seeing that one a while back, I thought it was fixed (although I haven't tried going through the core files to see if anything like that was there). As I recall, to abuse that took access to the machine. With this particular machine, it's not overly likely that anyone that has access to it would be doing this (to be honest, I think the technique is above all but a couple of the people, and those people already have root access on the machine to begin with). As far as I've been able to tell by comparing logs from around when they occured, I haven't found anything that suspiciously corresponds to it. Hmm, although this is a machine that we do get frequent attempts to connect to telnet or ftp accidentally (it's a mud machine, and we'll get connection attempts from people that forget to stick the port numbers on their command). I don't know if there's a way to get these processes to die like that externally. Gary Schrock root@eyelab.msu.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199804032046.PAA13319>