From owner-freebsd-security Fri Jun 23 8: 0:21 2000
Delivered-To: freebsd-security@freebsd.org
Received: from oxmail.ox.ac.uk (oxmail3.ox.ac.uk [129.67.1.180]) by hub.freebsd.org (Postfix) with ESMTP id C7DBF37B913 for ; Fri, 23 Jun 2000 08:00:14 -0700 (PDT) (envelope-from neil.long@computing-services.oxford.ac.uk)
Received: from ratbert.oucs.ox.ac.uk ([163.1.14.71]) by oxmail.ox.ac.uk with esmtp (Exim 3.12 #1) id 135UwD-0001uq-00 for freebsd-security@freebsd.org; Fri, 23 Jun 2000 16:00:09 +0100
Received: from neil by ratbert.oucs.ox.ac.uk with local (Exim 3.14 #1) id 135Uvj-00032e-00 for freebsd-security@FreeBSD.ORG; Fri, 23 Jun 2000 15:59:39 +0100
From: "Neil Long"
Message-Id: <1000623155939.ZM11694@ratbert.oucs.ox.ac.uk>
Date: Fri, 23 Jun 2000 15:59:39 +0100
In-Reply-To: Mark Canter "Re: Fwd: WuFTPD:" (Jun 23, 1:42pm)
References:
X-Mailer: Z-Mail (5.0.0 30July97)
To: freebsd-security@FreeBSD.ORG
Subject: Re: Fwd: WuFTPD:
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Looking, albeit briefly, at the exploit and the wu-ftpd src, might it not be simpler to either define PARANOID (there is a configure option in 2.6) or just plain rip out SITE EXEC support altogether?

I am not saying this is a fix, but in the short term while the exploit code is still in early stages of widespread distribution (it has a "broken to avoid kids usage ;)" comment but I have not looked into it.)

Neil

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dr Neil J Long, Computing Services, University of Oxford
13 Banbury Road, Oxford, OX2 6NN, UK
Tel:+44 1865 273232 Fax:+44 1865 273275
EMail: Neil.Long@computing-services.oxford.ac.uk PGP: ID 0xE88EF71F
OxCERT: oxcert@ox.ac.uk PGP: ID 0x4B11561D
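The two short-term mitigations Neil mentions, building with PARANOID or removing SITE EXEC support, both amount to taking the EXEC subcommand out of the server's SITE dispatch table. The following is an added illustration, not code from the message, from the thread, or from wu-ftpd itself: a toy FTP control-channel dispatcher with the permissive setting beside the hardened one, plus a scan over a constructed command log that flags SITE EXEC attempts so an operator can see whether the feature is actually being requested before and after the change. The reply strings, the set of SITE subcommands, the `Policy` type and the log line format are all assumptions made for this example.

```python
"""Added example: SITE EXEC as a dispatch-table policy, not wu-ftpd code.

Everything here (reply texts, subcommand set, log format) is assumed
for illustration; only the idea of removing SITE EXEC comes from the
mailing-list message above.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    """Server policy; a hypothetical stand-in for a compile-time PARANOID switch."""
    site_exec: bool  # True = SITE EXEC is reachable (the weak setting)


# Weak setting: SITE EXEC is wired into the dispatch table.
PERMISSIVE = Policy(site_exec=True)
# Hardened setting: the EXEC handler is simply not present.
PARANOID = Policy(site_exec=False)

# SITE subcommands this toy server knows about (assumed list).
SITE_SUBCOMMANDS = {"EXEC", "IDLE", "UMASK", "HELP"}

# One control-channel line: a verb, optional whitespace-separated argument.
_CMD_RE = re.compile(r"^\s*([A-Za-z]+)(?:\s+(.*?))?\s*$")


def parse_command(line: str):
    """Split one control-channel line into (VERB, argument); (None, '') if unparsable."""
    m = _CMD_RE.match(line.rstrip("\r\n"))
    if not m:
        return None, ""
    return m.group(1).upper(), (m.group(2) or "")


def dispatch(line: str, policy: Policy) -> str:
    """Return the reply a server running under `policy` would send for `line`."""
    verb, arg = parse_command(line)
    if verb is None:
        return "500 Syntax error, command unrecognized."
    if verb != "SITE":
        return "200 OK."  # other verbs are not modelled in this example
    sub, _, rest = arg.partition(" ")
    sub = sub.upper()
    if sub not in SITE_SUBCOMMANDS:
        return "500 'SITE %s': command not understood." % sub
    if sub == "EXEC" and not policy.site_exec:
        # Hardened path: with the handler removed, EXEC is just an unknown subcommand.
        return "500 'SITE EXEC': command not understood."
    if sub == "EXEC":
        # Weak path: the client-supplied argument reaches the exec handler.
        return "200-SITE EXEC accepted: %s" % rest.strip()
    return "200 SITE %s OK." % sub


# Constructed sample of a per-command log; the format is an assumption.
SAMPLE_LOG = """\
Jun 23 15:01:02 ftpd[1234]: USER anonymous
Jun 23 15:01:05 ftpd[1234]: PASS ***
Jun 23 15:01:09 ftpd[1234]: site exec ls
Jun 23 15:02:10 ftpd[1235]: SITE UMASK 022
Jun 23 15:02:33 ftpd[1235]: SITE   EXEC   id
"""

_SITE_EXEC_RE = re.compile(r"\bSITE\s+EXEC\b", re.IGNORECASE)


def site_exec_attempts(log_text: str):
    """Return the log lines that carry a SITE EXEC command, whatever the case or spacing."""
    return [ln for ln in log_text.splitlines() if _SITE_EXEC_RE.search(ln)]


if __name__ == "__main__":
    for pol_name, pol in (("permissive", PERMISSIVE), ("paranoid", PARANOID)):
        print(pol_name, "->", dispatch("SITE EXEC ls", pol))
    for ln in site_exec_attempts(SAMPLE_LOG):
        print("flagged:", ln)
```

Matching on the verb and subcommand after uppercasing and whitespace normalisation matters for both halves: a server that only refused the exact string `SITE EXEC` would still accept `site exec`, and a log scan written the same way would miss it.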