From owner-freebsd-security Tue Oct 15 09:37:30 1996
Message-Id: <199610151638.JAA02562@root.com>
To: Nathan Lawson
cc: marcs@znep.com (Marc Slemko), freebsd-security@freebsd.org
Subject: Re: bin/1805: Bug in ftpd
In-reply-to: Your message of "Tue, 15 Oct 1996 08:53:38 PDT." <199610151553.IAA28499@kdat.calpoly.edu>
From: David Greenman
Reply-To: dg@root.com
Date: Tue, 15 Oct 1996 09:38:44 -0700

>one instance of this attack, preventing core dumps. It is trivial to get
>around it by using ptrace to attach to the process and read the memory
>containing the encrypted passwords.

   At least in FreeBSD, you can't use ptrace-attach on a process that has
changed its uid.

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project