Date: Mon, 21 Oct 1996 17:21:37 +0100 (BST) From: Jon Ribbens <jon@oaktree.co.uk> To: thorpej@nas.nasa.gov Cc: jon@oaktree.co.uk, tech-userlevel@netbsd.org, freebsd-hackers@freefall.freebsd.org Subject: Re: setuid, core dumps, ftpd, and DB Message-ID: <199610211621.RAA24616@black.oaktree.co.uk> In-Reply-To: <199610211534.IAA10359@lestat.nas.nasa.gov> from "Jason Thorpe" at Oct 21, 96 08:34:20 am
next in thread | previous in thread | raw e-mail | index | archive | help
Jason Thorpe wrote: > > > * In the particular case of ftpd, if you've logged in as a user other > > > than root, then your saved, real, and effective uids do not match, so > > > the previous check we used to use (ruid != svuid || ruid != euid) > > > would catch this. So, unless you're logged in as root, you'd be hard > > > pressed to get ftpd to core dump. > > > > (except on 1.1, when it's easy) > > In which case you should either: > > * Upgrade to a more recent release, or > > * modify your kern_sig.c to perform the same check as > NetBSD-current's kern_sig.c. Well, yes, I know that, and I've done the second option. But there's bound to be a lot of people using 1.1 for a long time yet. Cheers Jon ____ \ // Jon Ribbens // \// jon@oaktree.co.uk //
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199610211621.RAA24616>