Date: Thu, 06 Jul 2000 14:08:21 -0600
From: Brett Glass <brett@lariat.org>
To: "Chris D. Faulhaber" <jedgar@fxp.org>
Cc: Matt Heckaman <matt@ARPA.MAIL.NET>, security@FreeBSD.ORG
Subject: Re: ftpd and setproctitle()
Message-ID: <4.3.2.7.2.20000706135700.043ea100@localhost>
In-Reply-To: <Pine.BSF.4.21.0007061536400.59495-100000@pawn.primelocation.net>
References: <4.3.2.7.2.20000706132133.04a94ad0@localhost>

At 01:42 PM 7/6/2000, Chris D. Faulhaber wrote:

>http://www.freebsd.org/cgi/cvsweb.cgi/src/libexec/ftpd/ftpd.c.diff?r1=1.13&r2=1.14

Y'know, there's a VERY interesting comment in there:

>/*
> * Clobber argv so ps will show what we're doing. (Stolen from sendmail.)
> *

Which explains how it got into ftpd in the first place.

I checked the Sendmail sources, and apparently they wrap setproctitle() in a routine called sm_setproctitle(). They're safe, but the folks who copied were not.

--Brett