From owner-freebsd-security  Fri Nov  7 16:46:39 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id QAA05167
          for security-outgoing; Fri, 7 Nov 1997 16:46:39 -0800 (PST)
          (envelope-from owner-freebsd-security)
Received: from frmug.org (frmug-gw.frmug.org [193.56.58.252])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id QAA05141
          for <security@FreeBSD.ORG>; Fri, 7 Nov 1997 16:46:18 -0800 (PST)
          (envelope-from roberto@keltia.freenix.fr)
Received: (from uucp@localhost)
	by frmug.org (8.8.8/frmug-2.1/nospam) with UUCP id BAA15307
	for security@FreeBSD.ORG; Sat, 8 Nov 1997 01:46:13 +0100 (CET)
	(envelope-from roberto@keltia.freenix.fr)
Received: (from roberto@localhost)
        by keltia.freenix.fr (8.8.7/keltia-2.12/nospam) id BAA01319;
        Sat, 8 Nov 1997 01:26:02 +0100 (CET)
        (envelope-from roberto)
Message-ID: <19971108012602.14691@keltia.freenix.fr>
Date: Sat, 8 Nov 1997 01:26:02 +0100
From: Ollivier Robert <roberto@keltia.freenix.fr>
To: security@FreeBSD.ORG
Subject: Re: Fwd: "possible freebsd su problem?" <taz@primenet.com>
References: <19971107095506.35947@deepo.prosa.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.84
In-Reply-To: <19971107095506.35947@deepo.prosa.dk>; from Philippe Regnauld on Fri, Nov 07, 1997 at 09:55:06AM +0100
X-Operating-System: FreeBSD 3.0-CURRENT ctm#3780 AMD-K6 MMX @ 208 MHz
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

According to Philippe Regnauld:
> 	Is there any potential concern for this ?
> 
> -----Forwarded message from taz <taz@primenet.com>-----
> 
> Date:         Thu, 6 Nov 1997 11:30:02 -0600
> From: taz <taz@primenet.com>
> Subject:      possible freebsd su problem?
> To: BUGTRAQ@NETSPACE.ORG
> 
>         I checked the archives, not a word of this was to be found so here
> goes.
> 
> First off, my o/s:
> FreeBSD xxxxxx 2.2.1-RELEASE
> 
>         Upon running su today, which is obviously setuid on most systems,
> I used the argument '--' instead of '-'. This caused it to seg fault. I
> ran gdb on it and found the problem was in a getpwnam() call. here is the
> source.

Fixed a while ago:

joerg       1997/08/23 07:09:37 PDT

  Modified files:
    usr.bin/su           su.c 
  Log:
  Prevent a NULL dereferencation when given a garbage command line.
  
  PR:           bin/3206
  Submitted by: blank@fox.uni-trier.de

-- 
Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 3.0-CURRENT #46: Sun Nov  2 16:51:01 CET 1997