From owner-freebsd-security Thu Jul 6 11: 7:17 2000 Delivered-To: freebsd-security@freebsd.org Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id E07FA37BC22 for ; Thu, 6 Jul 2000 11:07:03 -0700 (PDT) (envelope-from fpscha@ns1.via-net-works.net.ar) Received: (from fpscha@localhost) by ns1.via-net-works.net.ar (8.9.3/8.9.3) id PAA15093; Thu, 6 Jul 2000 15:06:10 -0300 (GMT) From: Fernando Schapachnik Message-Id: <200007061806.PAA15093@ns1.via-net-works.net.ar> Subject: Re: ftpd and setproctitle() In-Reply-To: <4.3.2.7.2.20000706113724.04789470@localhost> from Brett Glass at "Jul 6, 0 11:49:06 am" To: brett@lariat.org (Brett Glass) Date: Thu, 6 Jul 2000 15:06:10 -0300 (GMT) Cc: security@FreeBSD.ORG Reply-To: Fernando Schapachnik X-Mailer: ELM [version 2.4ME+ PL40 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org En un mensaje anterior, Brett Glass escribió: > FreeBSD-current's ftpd already seems to have the correct arguments for > setproctitle. But do earlier versions require patching? (Alas, the > sources for earlier versions do not appear to be on any of Walnut > Creek's servers, so I can't tell.) Could folks who have sources for > 2.2.8, 3.4, 3.5, and 4.0 handy check this? (I usually do not > install full sources, and so am missing some of these.) 3.5-RELEASE: % grep -n proctitle * extern.h:61:void setproctitle __P((const char *, ...)); ftpcmd.y:88:extern char proctitle[]; ftpcmd.y:964: setproctitle("%s: %s", proctitle, cbuf); ftpd.c:204:char proctitle[LINE_MAX]; /* initial part of title */ ftpd.c:280: * Save start and extent of argv for setproctitle. ftpd.c:1090: snprintf(proctitle, sizeof(proctitle), ftpd.c:1092: sizeof(proctitle) - sizeof(remotehost) - ftpd.c:1096: snprintf(proctitle, sizeof(proctitle), ftpd.c:1098: sizeof(proctitle) - sizeof(remotehost) - ftpd.c:1100: setproctitle("%s", proctitle); ftpd.c:1113: snprintf(proctitle, sizeof(proctitle), ftpd.c:1115: setproctitle("%s", proctitle); ftpd.c:1906: snprintf(proctitle, sizeof(proctitle), "%s: connected (to %s)", ftpd.c:1910: snprintf(proctitle, sizeof(proctitle), "%s: connected", ftpd.c:1912: setproctitle("%s", proctitle); ftpd.c:2247:setproctitle(const char *fmt, ...) ftpd.c:2249:setproctitle(fmt, va_alist) Seems safe from this bug. Regards. Fernando P. Schapachnik Administración de la red VIA NET.WORKS ARGENTINA S.A. fernando@via-net-works.net.ar (54-11) 4323-3333 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message