From owner-freebsd-security Tue May 22 21:35:38 2001 Delivered-To: freebsd-security@freebsd.org Received: from magnetar.blackhatnetworks.com (magnetar.blackhatnetworks.com [65.166.202.3]) by hub.freebsd.org (Postfix) with ESMTP id 37AB537B424 for ; Tue, 22 May 2001 21:35:36 -0700 (PDT) (envelope-from alex@nixfreak.org) Received: from localhost (alex@localhost.blackhatnetworks.com [127.0.0.1]) by magnetar.blackhatnetworks.com (8.x/8.x) with ESMTP id f4N4ZFt10655; Wed, 23 May 2001 00:35:15 -0400 (EDT) Date: Wed, 23 May 2001 00:35:15 -0400 (EDT) From: Alex X-X-Sender: To: "Sergey N. Voronkov" Cc: Kris Kennaway , Subject: Re: Is there a ftp vuln in 4.3-STABLE In-Reply-To: <20010523100448.A15088@sv.tech.sibitex.tmn.ru> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > When I'v found this staff in my logfiles I'v change native ftpd to luke's > one. Sorry, can't get core to you... And don't want to setup native daemon > to provide potential hole to someone. > > May 16 15:50:34 ftp /kernel: pid 5272 (ftpd), uid 14: exited on signal 11 > May 17 21:02:20 ftp /kernel: pid 11157 (ftpd), uid 14: exited on signal 11 Who owns UID 14 own that machine? Not root I presume. So the process itself that segmentation faulted wasn't actually executed by root. Is UID 14 an FTP account for running the daemon? -Alex > > Also I have one questtion: how to setup ftpd to allow it dumping core to > specified destination? > > Bye, > > Serg N. Voronkov > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message