Date: Fri, 07 Jul 2000 17:18:17 -0500
From: "Jeffrey J. Mountin"
To: Paul Hart, Brett Glass
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ftpd and setproctitle()
Message-Id: <4.3.2.20000707171558.00ad9340@207.227.119.2>

At 12:53 PM 7/6/00 -0600, Paul Hart wrote:
>The FreeBSD usage of setproctitle() in ftpd seems to have been fixed quite
>some time ago (in 1995), between versions 1.13 and 1.14 of ftpd.c:
>
>http://www.FreeBSD.org/cgi/cvsweb.cgi/src/libexec/ftpd/ftpd.c.diff?r1=1.13&r2=1.14
>
>I'd say FreeBSD has been safe since 1995. :-)

From CERT advisory CA-2000-13:

    [With respect to setproctitle()] it turns out that FreeBSD fixed this bug
    in the system ftpd back in 1996, so it is not present in all versions of
    FreeBSD since 2.2.0.

Someone mentioned this as some PR on Bugtraq and here this certainly is confirmation.

Jeff Mountin - jeff@mountin.net
Systems/Network Administrator
FreeBSD - the power to serve