Date: Mon, 14 Oct 1996 19:01:59 -0400
From: Jeff Evans <evans@fubar.cl.msu.edu>
To: freebsd-security@freebsd.org
Subject: Re: bin/1805: Bug in ftpd
Message-ID: <199610142301.TAA01206@fubar.cl.msu.edu>

Marc Slemko wrote:
> A more permanent fix to the source may be something along the lines of the
> below patch (against RELENG_2_1_5_RELEASE), but there should be an
> official fix out in the next little bit:
>
>
>I'm not really happy with this fix as well, but it's better than nothing.
>The reason being that if ftp wants to dump core, it should dump core.
>If you prohibit this you'll never be able to debug any problems after
>something went wrong. What should be done is make sure the buffers containing
>the sensitive info are cleared as soon as the info has been used.
>The same problem could show up with any other suid root program that reads
>the password databases. (if that is indeed the happening. It might also be
>that just the user's password string is dumped only.)
>
>I'll investigate things tomorrow evening.
>
>-Guido

At least on a FreeBSD 2.1.0-RELEASE #0 running wu-ftp version wu-2.4(3),
an ftpd core file shows about 33 encrypted entries in a password file of 667.

I didn't use the exact workaround posted, but the following seemed to
do the job:

    #!/usr/local/bin/tcsh
    limit -h coredumpsize 0
    exec /usr/local/ftpd/libexec/ftpd $argv

entry from /etc/inetd.conf:

    ftp stream tcp nowait root /usr/local/ftpd/libexec/ftpd.wrapper ftpd

I attempted to cause a core file using Qualcomm's qpopper2.2, but couldn't
get it to leave a core file (possibly due to insufficient quota or the
working directory being /).

Are there any other programs that use getpwnam or the like that run as root
and then switch to a user after?

Jeff
--
--------------------------------------------------------------------------
Jeff Evans - evans@msu.edu - http://clunix.cl.msu.edu/~evans
--------------------------------------------------------------------------
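
Added example, not part of the original message and not taken from any ftpd source: the two mitigations discussed in this thread done inside a daemon in C, namely the wrapper's "limit -h coredumpsize 0" via setrlimit() and the quoted suggestion of clearing sensitive buffers right after use. The function names and the sample hash string are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>

/* In-process equivalent of "limit -h coredumpsize 0": set the soft and
 * hard core-size limits to 0. After the hard limit is lowered, the
 * process cannot raise it again once it has dropped root. */
int disable_core_dumps(void)
{
    struct rlimit rl = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Zero a buffer through a volatile pointer so the compiler cannot
 * discard the stores as dead writes. */
void scrub(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

/* Compare the caller's private copy of a stored hash with the computed
 * one, then scrub that copy whether or not it matched.
 * Returns 1 on match, 0 otherwise.
 * Caveat: this only covers memory the caller owns. Buffers that libc
 * keeps internally for the password database are outside its reach,
 * so the core limit above stays in place as the backstop. */
int check_and_scrub(char *stored_copy, size_t cap, const char *computed)
{
    int ok = strcmp(stored_copy, computed) == 0;
    scrub(stored_copy, cap);
    return ok;
}

int main(void)
{
    char hash[32] = "CONSTRUCTED-HASH"; /* constructed sample, not a real hash */

    if (disable_core_dumps() != 0) {
        perror("setrlimit");
        return 1;
    }
    printf("match=%d\n", check_and_scrub(hash, sizeof hash, "CONSTRUCTED-HASH"));
    printf("first byte after scrub=%d\n", hash[0]);
    return 0;
}
```

Call disable_core_dumps() before the first password-database lookup, so that a crash at any later point cannot write those pages to disk.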