From owner-freebsd-security Fri Jun 23 12:52:28 2000
Delivered-To: freebsd-security@freebsd.org
Received: from wat-border.sentex.ca (waterloo-hespler.sentex.ca [199.212.135.66]) by hub.freebsd.org (Postfix) with ESMTP id 821B437BA30 for ; Fri, 23 Jun 2000 12:52:20 -0700 (PDT) (envelope-from mike@sentex.ca)
Received: from granite.sentex.net (granite-atm.sentex.ca [209.112.4.1]) by wat-border.sentex.ca (8.9.3/8.9.3) with ESMTP id PAA39834; Fri, 23 Jun 2000 15:52:19 -0400 (EDT) (envelope-from mike@sentex.ca)
Received: from simoeon (simeon.sentex.ca [209.112.4.47]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id PAA28284; Fri, 23 Jun 2000 15:52:15 -0400 (EDT)
Message-Id: <3.0.5.32.20000623154848.02d2d6c0@marble.sentex.ca>
X-Sender: mdtpop@marble.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
Date: Fri, 23 Jun 2000 15:48:48 -0400
To: Garrett Wollman
From: Mike Tancsa
Subject: Re: Fwd: WuFTPD: Providing *remote* root since at least 1994
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <200006231713.NAA49665@khavrinen.lcs.mit.edu>
References: <4.2.2.20000622201823.0479a690@mail.sentex.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

What about --enable-paranoid as part of the config? As so much seems to be related to the site exec command, perhaps it's best to just disable this?

---Mike

At 01:13 PM 6/23/00 -0400, Garrett Wollman wrote:
>< said:
>
>> (Does anyone actually still run it?)
>
>Absolutely.
>
>Here's a patch (mangled by cut&paste) which hacks around the problem.
>Stick it in patches/patch-ftpcmd.y-MIT-IS for best results. This hack
>was put together by MIT Information Systems as a stopgap until the
>wu-ftpd developers come up with an official fix.
>
>*** src/ftpcmd.y.old Fri Jun 23 00:44:11 2000
>- --- src/ftpcmd.y Fri Jun 23 00:48:36 2000
>***************
>*** 1460,1469 ****
>- --- 1460,1474 ----
> if (wu_getline(cbuf, sizeof(cbuf) - 1, stdin) == NULL) {
> (void) alarm(0);
> reply(221, "You could at least say goodbye.");
> dologout(0);
> }
>+ else if (strchr(cbuf, '%')) {
>+ (void) alarm(0);
>+ reply(421, "The command line contained a %% character.");
>+ dologout(0);
>+ }
> #ifndef IGNORE_NOOP
> (void) alarm(0);
> #endif
> if ((cp = strchr(cbuf, '\r'))) {
> *cp++ = '\n';
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message

------------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications                            mike@sentex.net
Cambridge, Ontario Canada                        www.sentex.net
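Review bot: the new `else if (strchr(cbuf, '%'))` branch runs on every command line read by wu_getline(), not only on SITE EXEC arguments, so any client sending a '%' byte anywhere (for example in a RETR or STOR filename) is disconnected with a 421; if that trade-off is acceptable for a stopgap, the patch description should say so, otherwise narrow the check to the SITE EXEC path. Two smaller points: the rejection message correctly writes the literal percent as `%%`, which is needed since reply()'s message argument is evidently a printf-style format; and as quoted, the file header `- --- src/ftpcmd.y` and range line `- --- 1460,1474 ----` still carry the PGP clearsign dash-escape, so the leading "- " has to be removed before patch(1) will accept this as a context diff.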