From owner-freebsd-security  Thu Jul  6 13:15:27 2000
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.org (lariat.org [12.23.109.2])
	by hub.freebsd.org (Postfix) with ESMTP id 4838037B945
	for <security@FreeBSD.ORG>; Thu,  6 Jul 2000 13:15:24 -0700 (PDT)
	(envelope-from brett@lariat.org)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2])
	by lariat.org (8.9.3/8.9.3) with ESMTP id OAA28204;
	Thu, 6 Jul 2000 14:15:08 -0600 (MDT)
Message-Id: <4.3.2.7.2.20000706135700.043ea100@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Thu, 06 Jul 2000 14:08:21 -0600
To: "Chris D. Faulhaber" <jedgar@fxp.org>
From: Brett Glass <brett@lariat.org>
Subject: Re: ftpd and setproctitle()
Cc: Matt Heckaman <matt@ARPA.MAIL.NET>, security@FreeBSD.ORG
In-Reply-To: <Pine.BSF.4.21.0007061536400.59495-100000@pawn.primelocatio
 n.net>
References: <4.3.2.7.2.20000706132133.04a94ad0@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 01:42 PM 7/6/2000, Chris D. Faulhaber wrote:
  
>http://www.freebsd.org/cgi/cvsweb.cgi/src/libexec/ftpd/ftpd.c.diff?r1=1.13&r2=1.14

Y'know, there's a VERY interesting comment in there:

>/*
> * Clobber argv so ps will show what we're doing.  (Stolen from sendmail.)
> *

Which explains how it got into ftpd in the first place.

I checked the Sendmail sources, and apparently they wrap setproctitle() in
a routine called sm_setproctitle(). They're safe, but the folks who copied
were not.

--Brett




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message