Date: Fri, 23 Jun 2000 15:59:39 +0100 From: "Neil Long" <neil.long@computing-services.oxford.ac.uk> To: freebsd-security@FreeBSD.ORG Subject: Re: Fwd: WuFTPD: Message-ID: <1000623155939.ZM11694@ratbert.oucs.ox.ac.uk> In-Reply-To: Mark Canter <marcus@doutlets.com> "Re: Fwd: WuFTPD:" (Jun 23, 1:42pm) References: <Pine.BSF.4.21.0006231340220.29969-100000@www.doutlets.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Looking, albeit briefly, at the exploit and the wu-ftpd src might it not be simpler to either define PARANOID (there is a configure option in 2.6) or just plain rip out SITE EXEC support altogether? I am not saying this is a fix but in the short term while the exploit code is still in early stages of widespread distribution (it has a "broken to avoid kids usage ;)" comment but I have not looked in to it.) Neil -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Dr Neil J Long, Computing Services, University of Oxford 13 Banbury Road, Oxford, OX2 6NN, UK Tel:+44 1865 273232 Fax:+44 1865 273275 EMail: Neil.Long@computing-services.oxford.ac.uk PGP: ID 0xE88EF71F OxCERT: oxcert@ox.ac.uk PGP: ID 0x4B11561D To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1000623155939.ZM11694>