Date: Mon, 12 Mar 2001 15:22:15 -0800
From: Kris Kennaway
To: Brooks Davis
Cc: Alex Popa, security@FreeBSD.ORG
Subject: Re: 4.3-BETA, sshd.core found in root directory.
Message-ID: <20010312152215.A94640@mollari.cthul.hu>

On Mon, Mar 12, 2001 at 02:57:54PM -0800, Brooks Davis wrote:
> On Tue, Mar 13, 2001 at 12:48:13AM +0200, Alex Popa wrote:
> > I am not really sure what this means (could mean a lot of things,
> > including bad memory on my machine), but here are the facts:
>
> This reminds me of something I noticed during the last discussion of
> ssh I got involved in and completely forgot about. If you create an
> account with a bad shell (say, /bin/false) and run the following command
> you get an immediate sshd core dump:
>
> ssh -t xxx@localhost /bin/sh
>
> Attempting to run gdb on the core appears to show that I'm in:
>
> #0 0x4817c3b7 in login_getpwclass () from /usr/lib/libutil.so.3
>
> but the binary is stripped so I don't know and my /usr/obj is out of
> sync with my world at the moment so I figure running gdb against the
> unstripped binary is not productive.

There's a PR open about this and Brian is looking into it - indications
are it's a simple bug and not a security problem, denial of service or
otherwise.

Kris