From owner-freebsd-security Sat May 31 16:19:28 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id QAA22015 for security-outgoing; Sat, 31 May 1997 16:19:28 -0700 (PDT)
Received: from implode.root.com (implode.root.com [198.145.90.17]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA22010 for ; Sat, 31 May 1997 16:19:25 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by implode.root.com (8.8.5/8.8.5) with SMTP id QAA14848; Sat, 31 May 1997 16:21:17 -0700 (PDT)
Message-Id: <199705312321.QAA14848@implode.root.com>
X-Authentication-Warning: implode.root.com: localhost [127.0.0.1] didn't use HELO protocol
To: Gary Schrock
cc: freebsd-security@FreeBSD.ORG
Subject: Re: ftpd signal handler race?
In-reply-to: Your message of "Sat, 31 May 1997 14:21:55 EDT." <3.0.2.32.19970531142155.006dec74@eyelab.msu.edu>
From: David Greenman
Reply-To: dg@root.com
Date: Sat, 31 May 1997 16:21:17 -0700
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

>Regarding the CERT announcement just recently about a problem with ftpd,
>according to the information there it was implied that only 2.2+ was fixed,
>and that the changes weren't in the 2.1 line. When looking through the cvs
>logs on the freebsd web site, I ran across a checkin on the RELENG_2_1_0
>line that seemed to imply that this problem was fixed. So is it true that
>if one's tracking the 2.1-STABLE line then this problem has been fixed
>regardless of what the cert announcement says?

   I was the one who originally discovered the security hole and informed
CERT. The bug was fixed in the 2.2 tree prior to the 2.2.0 release and was
merged (by pst) into the 2.1 branch prior to the 2.1.7 release. So the
answer is "yes", the problem is fixed in the 2.1-stable branch and if you're
tracking that then you don't need to worry about it.

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project