From owner-freebsd-security Mon Oct 14 18:01:41 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id SAA10907 for security-outgoing; Mon, 14 Oct 1996 18:01:41 -0700 (PDT) Received: from salsa.gv.ssi1.com (salsa.gv.ssi1.com [146.252.44.194]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id SAA10902; Mon, 14 Oct 1996 18:01:38 -0700 (PDT) Received: (from gdonl@localhost) by salsa.gv.ssi1.com (8.7.5/8.7.3) id SAA08402; Mon, 14 Oct 1996 18:01:15 -0700 (PDT) From: Don Lewis Message-Id: <199610150101.SAA08402@salsa.gv.ssi1.com> Date: Mon, 14 Oct 1996 18:01:15 -0700 In-Reply-To: guido@gvr.win.tue.nl (Guido van Rooij) "Re: bin/1805: Bug in ftpd" (Oct 14, 10:59pm) X-Mailer: Mail User's Shell (7.2.6 alpha(3) 7/19/95) To: guido@gvr.win.tue.nl (Guido van Rooij), marcs@znep.com (Marc Slemko) Subject: Re: bin/1805: Bug in ftpd Cc: security-officer@freebsd.org, freebsd-security@freebsd.org Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Oct 14, 10:59pm, Guido van Rooij wrote: } Subject: Re: bin/1805: Bug in ftpd } Marc Slemko wrote: } > A more permanent fix to the source may be something along the lines of the } > below patch (against RELENG_2_1_5_RELEASE), but there should be an } > official fix out in the next little bit: } > } } I'm not really happy with this fix as well, but it's better than nothing., But not much ... There's nothing stopping someone to attaching to the process with the debugger and dumping out the locations in memory that contain the secret stuff. } The reason being that if ftp wants to dump core, it should dump core. } If you prohibit this you'll never be able to debug any problems after } somethuing went wrong. What should be done is make sure the buffers containing } the sensitive info are cleared as soon as the info has been used. Yes, it is important that any copies of this information are destroyed before the process changes its uid. --- Truck