From owner-freebsd-hackers  Mon Oct 21 09:23:32 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id JAA22325
          for hackers-outgoing; Mon, 21 Oct 1996 09:23:32 -0700 (PDT)
Received: from black.oaktree.co.uk (black.oaktree.co.uk [194.217.216.129])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id JAA22283
          for <freebsd-hackers@freefall.freebsd.org>; Mon, 21 Oct 1996 09:23:24 -0700 (PDT)
Received: (from jon@localhost) 
          by black.oaktree.co.uk (8.7.5/8.7.3) id RAA24616;
          Mon, 21 Oct 1996 17:21:37 +0100 (BST)
From: Jon Ribbens <jon@oaktree.co.uk>
Message-Id: <199610211621.RAA24616@black.oaktree.co.uk>
Subject: Re: setuid, core dumps, ftpd, and DB
To: thorpej@nas.nasa.gov
Date: Mon, 21 Oct 1996 17:21:37 +0100 (BST)
Cc: jon@oaktree.co.uk, tech-userlevel@netbsd.org,
        freebsd-hackers@freefall.freebsd.org
In-Reply-To: <199610211534.IAA10359@lestat.nas.nasa.gov> from "Jason Thorpe" at Oct 21, 96 08:34:20 am
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Jason Thorpe wrote:
>  > > * In the particular case of ftpd, if you've logged in as a user other
>  > > than root, then your saved, real, and effective uids do not match, so
>  > > the previous check we used to use (ruid != svuid || ruid != euid)
>  > > would catch this.  So, unless you're logged in as root, you'd be hard
>  > > pressed to get ftpd to core dump.
>  > 
>  > (except on 1.1, when it's easy)
> 
> In which case you should either:
> 
> 	* Upgrade to a more recent release, or
> 
> 	* modify your kern_sig.c to perform the same check as
> 	  NetBSD-current's kern_sig.c.

Well, yes, I know that, and I've done the second option. But there's
bound to be a lot of people using 1.1 for a long time yet.

Cheers


Jon
____
\  //    Jon Ribbens    //
 \// jon@oaktree.co.uk //