Date: Fri, 03 Apr 1998 16:04:41 -0500 From: Gary Schrock <root@eyelab.psy.msu.edu> To: freebsd-questions@FreeBSD.ORG Subject: Re: SIGQUIT in login and ftpd? Message-ID: <199804032102.QAA13466@eyelab.psy.msu.edu> In-Reply-To: <199804032046.PAA13319@eyelab.psy.msu.edu> References: <Pine.BSF.3.96.980403123903.10860E-100000@gdi.uoregon.edu> <199804030238.VAA08763@eyelab.psy.msu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
At 03:48 PM 4/3/98 -0500, you wrote: >>There used to be a security hole with these (still is?) that SIGQUITting >>them causes them to coredump, and in the dump is the password file. I >>don't know if we fixed this or not, or if using login.conf limits we >>disabled coredumps on normal daemons. > >Yeah, I recall seeing that one a while back, I thought it was fixed >(although I haven't tried going through the core files to see if anything >like that was there). As I recall, to abuse that took access to the Hmm, I guess the fix that was done was to make the core file not world readable, since the encrypted passwords definitely show up in the core file. It appears the connection was established from outside the machine (from looking at the output of strings). Nobody was logged into the machine at the time the connection attempt was made and login SIGQUIT'ed. I guess the real question is whether this might be an indication of something flakey with the machine, or whether this is something that is known to happen occaisionally with bad login attempts. Gary Schrock root@eyelab.msu.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199804032102.QAA13466>