From owner-freebsd-security Mon Oct 14 18:02:53 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id SAA10944 for security-outgoing; Mon, 14 Oct 1996 18:02:53 -0700 (PDT)
Received: from precipice.shockwave.com (ppp-206-170-5-35.rdcy01.pacbell.net [206.170.5.35]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id SAA10939; Mon, 14 Oct 1996 18:02:49 -0700 (PDT)
Received: from shockwave.com (localhost.shockwave.com [127.0.0.1]) by precipice.shockwave.com (8.7.6/8.7.3) with ESMTP id SAA07582; Mon, 14 Oct 1996 18:02:07 -0700 (PDT)
Message-Id: <199610150102.SAA07582@precipice.shockwave.com>
To: guido@gvr.win.tue.nl (Guido van Rooij)
cc: marcs@znep.com (Marc Slemko), security-officer@freebsd.org, freebsd-security@freebsd.org
Subject: Re: bin/1805: Bug in ftpd
In-reply-to: Your message of "Mon, 14 Oct 1996 22:59:19 +0200." <199610142059.WAA02649@gvr.win.tue.nl>
Date: Mon, 14 Oct 1996 18:02:07 -0700
From: Paul Traina
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

At best, this needs to be on a flag, but the better choice in total would be to clear all data structures when the library calls return (when using getpwbyname()) and bzero the data structures and context for the whole mess if an endpwent() is done.

This is not a ftpd bug, and I think we shouldn't touch ftpd to fix it.

From: guido@gvr.win.tue.nl (Guido van Rooij)
Subject: Re: bin/1805: Bug in ftpd

Marc Slemko wrote:
> A more permanent fix to the source may be something along the lines of the
> below patch (against RELENG_2_1_5_RELEASE), but there should be an
> official fix out in the next little bit:
>

I'm not really happy with this fix as well, but it's better than nothing. The reason being that if ftp wants to dump core, it should dump core. If you prohibit this you'll never be able to debug any problems after something went wrong.
What should be done is make sure the buffers containing the sensitive info are cleared as soon as the info has been used. The same problem could show up with any other suid root program that reads the password databases. (If that is indeed the happening. It might also be that just the user's password string is dumped only.)

I'll investigate things tomorrow evening.

-Guido
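
The "clear the buffers as soon as the info has been used" approach from the message above, sketched from the caller's side as an added example (not code from this thread, from ftpd, or from the FreeBSD libc). The names `secure_zero`, `with_passwd_entry`, `hash_check_fn` and `hash_equals` are hypothetical. It wipes only the caller's copy of the entry; any buffers libc keeps internally are out of its reach and would need the library-side clearing discussed in the reply.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stddef.h>
#include <string.h>

/* Zero a buffer through a volatile pointer so the compiler cannot drop
 * the stores as dead writes just before the buffer goes out of scope. */
static void secure_zero(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

/* Hypothetical callback: inspects the password field while it is live. */
typedef int (*hash_check_fn)(const char *hash, void *ctx);

/* Look up `user`, hand pw_passwd to `check`, then wipe every byte the
 * lookup wrote before returning. Returns check()'s result, or -1 if the
 * user is unknown or the lookup failed. */
int with_passwd_entry(const char *user, hash_check_fn check, void *ctx)
{
    char buf[4096];                 /* caller-owned, not libc's static area */
    struct passwd pw, *res = NULL;
    int rc = -1;

    if (getpwnam_r(user, &pw, buf, sizeof buf, &res) == 0 && res != NULL)
        rc = check(res->pw_passwd, ctx);

    secure_zero(buf, sizeof buf);   /* all pw_* strings point into buf */
    secure_zero(&pw, sizeof pw);
    return rc;
}

/* Compare the stored field with an expected value without early exit. */
int hash_equals(const char *hash, void *ctx)
{
    const char *want = ctx;
    size_t n = strlen(hash), m = strlen(want), i;
    unsigned char diff = (unsigned char)(n != m);
    for (i = 0; i < n && i < m; i++)
        diff |= (unsigned char)(hash[i] ^ want[i]);
    return diff == 0;
}
```

Because the entry lives in the caller's stack buffer only for the duration of the callback, a core dump taken after `with_passwd_entry()` returns no longer contains that copy of the password field.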