From owner-freebsd-security  Fri Jan  9 08:20:05 1998
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id IAA14871
          for security-outgoing; Fri, 9 Jan 1998 08:20:05 -0800 (PST)
          (envelope-from owner-freebsd-security)
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id IAA14811
          for <security@FreeBSD.ORG>; Fri, 9 Jan 1998 08:19:56 -0800 (PST)
          (envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.8.8/8.8.5) id LAA08275;
	Fri, 9 Jan 1998 11:19:48 -0500 (EST)
Date: Fri, 9 Jan 1998 11:19:48 -0500 (EST)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <199801091619.LAA08275@khavrinen.lcs.mit.edu>
To: igor@alecto.physics.uiuc.edu (Igor Roshchin)
Cc: security@FreeBSD.ORG
Subject: riptrace.c (fwd)
In-Reply-To: <199801082251.QAA14645@alecto.physics.uiuc.edu>
References: <199801082251.QAA14645@alecto.physics.uiuc.edu>
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

<<On Thu, 8 Jan 1998 16:51:45 -0600 (CST), igor@alecto.physics.uiuc.edu (Igor Roshchin) said:

> I probably should have tested it myself,
> but don't have possibility at the moment.
> So, the question is:
> Is FreeBSD vulnerable to this or to a modified exploit ?

No.  FreeBSD's routed will only permit remote control of tracing under
the following conditions:

1) A trace file was specified on the routed command line.
2) The requested trace file is the same as the one specified in (1).

See routed/trace.c for details.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom 
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick