Date: Tue, 23 Apr 2002 19:53:53 -0700 (PDT)
From: Mikko Tyolajarvi
Message-Id: <200204240253.g3O2rrM33014@mikko.rsa.com>
To: blaz@si.FreeBSD.org
Cc: security@freebsd.org
Orig-To: Blaz Zupan
Subject: Re: segfault in ftpd
Newsgroups: local.freebsd.security
References: <20020423225805.Q93786-100000@titanic.medinet.si>
Sender: owner-freebsd-security@FreeBSD.ORG

In local.freebsd.security you write:

>For some time now I see messages like this in the logs on our webserver:
>
>pid 36861 (ftpd), uid 29987: exited on signal 11
>
>This is with the stock ftpd on 4.5-RELEASE-p3 (users use it to upload their
>web pages to it). I compiled ftpd with -g and tried to set it up so that I get
>a coredump. I configured:
>
> mkdir /var/coredumps
> chmod 1777 /var/coredumps
> sysctl kern.corefile=/var/coredumps/%U.%N.%P.core
>
>Now I can create a simple program that crashes and the core will be written to
>/var/coredumps. But ftpd simply does not want to create a coredump. As far as
>I can see, /etc/login.conf specifies coredumpsize=unlimited. Is there anything
>else I need to configure or tune to be able to catch a coredump?

Try:

  sysctl kern.sugid_coredump=1

If ftpd crashes after user login, then UID != EUID (which is what
makes it such a security problem in the first place -- how often do
you _really_ need to change user in the middle of an ftp session? It
should just switch uid and be done with it, IMHO).

  $.02,
  /Mikko
-- 
 Mikko Työläjärvi_______________________________________mikko@rsasecurity.com
 RSA Security
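
The procedure from this thread as a script, added here as an example and not part of the original message: it turns kern.sugid_coredump on only while a command runs, restores the previous value afterwards, and expands the kern.corefile template (%U is the uid, %N the process name, %P the pid) to the file name to look for. The names core_path, with_sugid_coredump and the SYSCTL variable are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original thread). SYSCTL can be overridden so
# the logic can be exercised on a machine without these sysctl names.
SYSCTL=${SYSCTL:-sysctl}

# core_path TEMPLATE UID NAME PID
# Expand the %U, %N and %P fields of a kern.corefile template.
# Assumes UID, NAME and PID contain no '|' or '&' characters.
core_path() {
    printf '%s\n' "$1" | sed -e "s|%U|$2|g" -e "s|%N|$3|g" -e "s|%P|$4|g"
}

# with_sugid_coredump COMMAND [ARGS...]
# Run COMMAND with kern.sugid_coredump=1, then put the old value back,
# also when interrupted, so the setting does not stay enabled by accident.
with_sugid_coredump() {
    old=$($SYSCTL -n kern.sugid_coredump) || return 1
    restore() { $SYSCTL kern.sugid_coredump="$old" >/dev/null; }
    trap 'restore; exit 130' INT TERM
    $SYSCTL kern.sugid_coredump=1 >/dev/null || return 1
    "$@"
    rc=$?
    restore
    trap - INT TERM
    return "$rc"
}

# Stand-alone use (as root), e.g.:  sh thisfile.sh sleep 600
# keeps the setting on for ten minutes while the crash is reproduced,
# then lists the directory named by kern.corefile.
if [ $# -gt 0 ]; then
    with_sugid_coredump "$@"
    ls -l "$(dirname "$($SYSCTL -n kern.corefile)")"
fi
```

With the template and the log line quoted above, core_path gives /var/coredumps/29987.ftpd.36861.core as the file to expect.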