From owner-freebsd-security Sun Oct 20 23:17:47 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id XAA26606 for security-outgoing; Sun, 20 Oct 1996 23:17:47 -0700 (PDT)
Received: from root.com (implode.root.com [198.145.90.17]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id XAA26601 for ; Sun, 20 Oct 1996 23:17:44 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by root.com (8.7.6/8.6.5) with SMTP id XAA21376; Sun, 20 Oct 1996 23:18:11 -0700 (PDT)
Message-Id: <199610210618.XAA21376@root.com>
X-Authentication-Warning: implode.root.com: Host localhost [127.0.0.1] didn't use HELO protocol
To: Brian Tao
cc: Ollivier Robert , freebsd-security@freebsd.org
Subject: Re: bin/1805: Bug in ftpd
In-reply-to: Your message of "Sun, 20 Oct 1996 22:51:12 EDT."
From: David Greenman
Reply-To: dg@root.com
Date: Sun, 20 Oct 1996 23:18:11 -0700
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>On Tue, 15 Oct 1996, David Greenman wrote:
>>
>> Unfortunately, this isn't true for anonymous ftp which runs as root.
>
> Doesn't an anon ftp connection open the chrooted /etc/spwd.db
>though (e.g., /var/spool/ftp/etc/spwd.db, here)?

   Hmmm. I think it still opens the normal one first in order to verify the
existence of the "ftp" user. In any case, I don't think this is an issue
because the core file is created with uid 0 and 0600 permissions...and ftpd
accesses files as user ftp when running as anonymous. So in other words, even
if it did create a core file, the anonymous user wouldn't be able to read it.

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project
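
Added example, not part of the original message and not FreeBSD code: a small C audit check that applies the owner/group/other read test discussed above to a core file, so an administrator can confirm that a dump left in an FTP tree is not readable by the unprivileged ftp account. The function names, the tool name and the uid/gid passed on the command line are hypothetical; supplementary groups and ACLs are assumed not to be in use.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Classic UNIX owner/group/other read check. Exactly one class applies:
 * the owner is judged by the owner bits even if "other" is more permissive.
 * Supplementary groups and ACLs are ignored (assumption of this sketch). */
bool mode_allows_read(uid_t owner, gid_t group, mode_t mode,
                      uid_t euid, gid_t egid)
{
    if (euid == 0)
        return true;                    /* superuser bypasses mode bits */
    if (euid == owner)
        return (mode & S_IRUSR) != 0;
    if (egid == group)
        return (mode & S_IRGRP) != 0;
    return (mode & S_IROTH) != 0;
}

/* 1 = readable by euid/egid, 0 = not readable, -1 = missing or not a
 * regular file. lstat() is used so a symlink named "core" is not followed. */
int core_readable_by(const char *path, uid_t euid, gid_t egid)
{
    struct stat st;

    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    return mode_allows_read(st.st_uid, st.st_gid, st.st_mode, euid, egid);
}

/* usage: corecheck <core-file> <uid> <gid>   (hypothetical tool name) */
int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s <core-file> <uid> <gid>\n", argv[0]);
        return 2;
    }
    int r = core_readable_by(argv[1], (uid_t)atoi(argv[2]),
                             (gid_t)atoi(argv[3]));
    if (r < 0)
        printf("%s: not a regular file or cannot stat\n", argv[1]);
    else
        printf("%s: %s by uid %s\n", argv[1],
               r ? "READABLE" : "not readable", argv[2]);
    return r == 1;   /* non-zero exit when the dump is exposed */
}
```

The exit status is non-zero when the file is readable by the given account, so the check can be run from a periodic job over any core files found under the anonymous FTP root.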