Date: Tue, 22 May 2001 23:44:04 -0500 (CDT)
From: James Wyatt
To: Alex
Cc: "Sergey N. Voronkov", Kris Kennaway, freebsd-security@FreeBSD.ORG
Subject: Re: Is there a ftp vuln in 4.3-STABLE

Sergey N. Voronkov wrote:
> When I've found this stuff in my logfiles I've changed native ftpd to luke's
> one. Sorry, can't get core to you... And don't want to setup native daemon
> to provide potential hole to someone.
>
> May 16 15:50:34 ftp /kernel: pid 5272 (ftpd), uid 14: exited on signal 11
> May 17 21:02:20 ftp /kernel: pid 11157 (ftpd), uid 14: exited on signal 11

On Wed, 23 May 2001, Alex replied:
> Who owns UID 14 on that machine? Not root I presume. So the
> process itself that segmentation faulted wasn't actually executed by root.
> Is UID 14 an FTP account for running the daemon?

The normal FreeBSD 'ftp' user is uid 14. I'd expect most of the default
servers to be running that ID for anonymous file access. - Jy@
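The check discussed in this thread, mapping the uid in the kernel's "exited on signal" message to an account and noting whether the crashed process ran as root, can be run over a whole log. This is an added example, not part of the thread and not FreeBSD project code; the two ftpd lines are the ones quoted above, while the other log lines, the passwd excerpt and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Kernel message format quoted in the thread; "(core dumped)" is optional.
EXIT_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) /?kernel: "
    r"pid (?P<pid>\d+) \((?P<comm>[^)]+)\), uid (?P<uid>\d+): "
    r"exited on signal (?P<sig>\d+)(?P<core> \(core dumped\))?")
# FreeBSD signal numbers that indicate a memory or instruction fault.
FAULT_SIGNALS = {4: "SIGILL", 10: "SIGBUS", 11: "SIGSEGV"}

def load_passwd(text):
    """Map uid -> login name from passwd(5)-style lines."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            users.setdefault(int(fields[2]), fields[0])
    return users

def fault_report(log_lines, users):
    """Group fault exits by (host, command, uid) and name the owning account."""
    groups = defaultdict(list)
    for line in log_lines:
        m = EXIT_RE.match(line)
        if m and int(m["sig"]) in FAULT_SIGNALS:
            groups[(m["host"], m["comm"], int(m["uid"]))].append(m)
    return [{
        "host": host, "command": comm, "uid": uid,
        "user": users.get(uid, "unknown"), "as_root": uid == 0,
        "count": len(hits), "pids": [int(h["pid"]) for h in hits],
        "signals": sorted({FAULT_SIGNALS[int(h["sig"])] for h in hits}),
        "core_dumped": any(h["core"] for h in hits),
    } for (host, comm, uid), hits in sorted(groups.items())]

# The two ftpd lines are from the thread; the other two are constructed.
SAMPLE_LOG = [
    "May 16 15:50:34 ftp /kernel: pid 5272 (ftpd), uid 14: exited on signal 11",
    "May 17 21:02:20 ftp /kernel: pid 11157 (ftpd), uid 14: exited on signal 11",
    "May 17 21:05:00 ftp /kernel: pid 11201 (sh), uid 1001: exited on signal 15",
    "May 17 21:06:12 ftp ftpd[11210]: connection from host.example",
]
# Constructed passwd excerpt; uid 14 = ftp as stated in the reply.
SAMPLE_PASSWD = ("root:*:0:0:Charlie &:/root:/bin/csh\n"
                 "ftp:*:14:5:Anonymous FTP:/var/ftp:/nonexistent\n")

if __name__ == "__main__":
    for row in fault_report(SAMPLE_LOG, load_passwd(SAMPLE_PASSWD)):
        print(row)
```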