From owner-freebsd-security  Tue Oct 15 12:10:23 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id MAA01016
          for security-outgoing; Tue, 15 Oct 1996 12:10:23 -0700 (PDT)
Received: from root.com (implode.root.com [198.145.90.17])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id MAA01010
          for <freebsd-security@freebsd.org>; Tue, 15 Oct 1996 12:10:20 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by root.com (8.7.6/8.6.5) with SMTP id MAA02970; Tue, 15 Oct 1996 12:11:24 -0700 (PDT)
Message-Id: <199610151911.MAA02970@root.com>
X-Authentication-Warning: implode.root.com: Host localhost [127.0.0.1] didn't use HELO protocol
To: roberto@keltia.freenix.fr (Ollivier Robert)
cc: freebsd-security@freebsd.org
Subject: Re: bin/1805: Bug in ftpd 
In-reply-to: Your message of "Tue, 15 Oct 1996 19:37:11 +0200."
             <199610151737.TAA27258@keltia.freenix.fr> 
From: David Greenman <dg@root.com>
Reply-To: dg@root.com
Date: Tue, 15 Oct 1996 12:11:24 -0700
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>According to Bruce Evans:
>> This was probably fixed in March in -current but not in -stable.
>> Setuid processes cannot dump core in -current.  This makes them harder
>> to debug of course.
>
>What did I miss ? wu-ftpd is not setuid... It is launched as root by inetd
>so the setuid-program-don't-core is not applicable.

   Coredumps aren't created when the real uid != current uid, so no coredumps
will be created for normal users. Unfortunately, this isn't true for anonymous
ftp which runs as root.

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project