From owner-freebsd-security Mon Mar 12 14:58:13 2001 Delivered-To: freebsd-security@freebsd.org Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by hub.freebsd.org (Postfix) with ESMTP id 2234C37B718 for ; Mon, 12 Mar 2001 14:58:09 -0800 (PST) (envelope-from brdavis@odin.ac.hmc.edu) Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.11.0/8.11.0) id f2CMvsO01383; Mon, 12 Mar 2001 14:57:54 -0800 Date: Mon, 12 Mar 2001 14:57:54 -0800 From: Brooks Davis To: Alex Popa Cc: security@freebsd.org Subject: Re: 4.3-BETA, sshd.core found in root directory. Message-ID: <20010312145754.A489@Odin.AC.HMC.Edu> References: <20010313004813.A78221@ldc.ro> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="DocE+STaALJfprDB" Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <20010313004813.A78221@ldc.ro>; from razor@ldc.ro on Tue, Mar 13, 2001 at 12:48:13AM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --DocE+STaALJfprDB Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Mar 13, 2001 at 12:48:13AM +0200, Alex Popa wrote: > I am not really sure what this means (could mean a lot of things,=20 > including bad memory on my machine), but here are the facts: This reminds me of something I noticed during the last discussion of ssh I got involved in and compleatly forgot about. If you create an account with a bad shell (say, /bin/false) and run the following command you get an immediate sshd core dump: ssh -t xxx@localhost /bin/sh Attempting to run gdb on the core appears to show that I'm in: #0 0x4817c3b7 in login_getpwclass () from /usr/lib/libutil.so.3 but the binary is stripped so I don't know and my /usr/obj is out of sync with my world at the moment so I figure running gdb against the unstripped binary is not productive. -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --DocE+STaALJfprDB Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6rVRxXY6L6fI4GtQRAg+kAJ4vCmuI9LwU1SYhc+P4giz+WKJhQQCguZSX NyC1bmupNaEBEMJH1y4nmB8= =akX/ -----END PGP SIGNATURE----- --DocE+STaALJfprDB-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message