From owner-freebsd-bugs Wed Apr 29 22:50:07 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id WAA10837
        for freebsd-bugs-outgoing; Wed, 29 Apr 1998 22:50:07 -0700 (PDT)
        (envelope-from owner-freebsd-bugs@FreeBSD.ORG)
Received: (from gnats@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id WAA10761;
        Wed, 29 Apr 1998 22:50:04 -0700 (PDT)
        (envelope-from gnats)
Date: Wed, 29 Apr 1998 22:50:04 -0700 (PDT)
Message-Id: <199804300550.WAA10761@hub.freebsd.org>
To: freebsd-bugs
Cc:
From: David Greenman
Subject: Re: misc/6457: BSD Bug List Page
Reply-To: David Greenman
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR misc/6457; it has been noted by GNATS.

From: David Greenman
To: mcuratol@berkeleymicro.com
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: misc/6457: BSD Bug List Page
Date: Wed, 29 Apr 1998 22:46:43 -0700

>
>>Number: 6457
>>Category: misc
>>Synopsis: BSD Bug List Page
>>Confidential: no
>>Severity: non-critical
>>Priority: low
>>Responsible: freebsd-bugs
>>State: open
>>Quarter:
>>Keywords:
>>Date-Required:
>>Class: support
>>Submitter-Id: current-users
>>Arrival-Date: Wed Apr 29 11:30:01 PDT 1998
>>Last-Modified:
>>Originator: Melina Curatolo
>>Organization:
>>Release: None
>>Environment:
>>Description:
>I ran across this page that lists certain security holes/bugs when
>using BSD. Thought someone over might take a look at the list in
>hopes that most of these problems are fixed in future versions.
>
>http://oliver.efri.hr/~crv/security/bugs/BSD/ftpd5.html
>
>I think by far BSD is the least volatile when compared to Solaris
>or even Linux. Keep up the good work!

I just looked at that. The example shows sending a sig-11 to the ftp
client at which point it core dumps. It doesn't mention what was found
in the core file, but I'd guess that it has the user/password that the
user had just entered.
While it is probably undesirable for that to be put into a core file,
it has nothing to do with the ftpd server process on the remote machine
and further, the core file will only be accessible to the user who
created it. I think it's a bit of a stretch to call this a "security
hole".

-DG

David Greenman
Co-founder/Principal Architect, The FreeBSD Project

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message