From owner-freebsd-security Sat Jan 10 19:27:54 1998 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id TAA02867 for security-outgoing; Sat, 10 Jan 1998 19:27:54 -0800 (PST) (envelope-from owner-freebsd-security) Received: from gvr.gvr.org (root@gvr.gvr.org [194.151.74.97]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id TAA02822 for ; Sat, 10 Jan 1998 19:27:37 -0800 (PST) (envelope-from guido@gvr.org) Received: (from guido@localhost) by gvr.gvr.org (8.8.6/8.8.5) id XAA21563; Sat, 10 Jan 1998 23:11:45 +0100 (MET) From: Guido van Rooij Message-Id: <199801102211.XAA21563@gvr.gvr.org> Subject: Re: riptrace.c (fwd) In-Reply-To: <199801091619.LAA08275@khavrinen.lcs.mit.edu> from Garrett Wollman at "Jan 9, 98 11:19:48 am" To: wollman@khavrinen.lcs.mit.edu (Garrett Wollman) Date: Sat, 10 Jan 1998 23:11:44 +0100 (MET) Cc: igor@alecto.physics.uiuc.edu, security@freebsd.org X-Mailer: ELM [version 2.4ME+ PL32 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Garrett Wollman wrote: > < > > I probably should have tested it myself, > > but don't have possibility at the moment. > > So, the question is: > > Is FreeBSD vulnerable to this or to a modified exploit ? > > No. FreeBSD's routed will only permit remote control of tracing under > the following conditions: > > 1) A trace file was specified on the routed command line. > 2) The requested trace file is the same as the one specified in (1). > > See routed/trace.c for details. More correctly: freeBSD versions 2.2.* are not vulnerable. 2.1.* and earlier are vulnerable. -Guido