Date: 16 Oct 1996 02:15:23 +0200 From: Assar Westerlund <assar@sics.se> To: guido@gvr.win.tue.nl (Guido van Rooij) Cc: marcs@znep.com, freebsd-security@FreeBSD.org Subject: Re: bin/1805: Bug in ftpd Message-ID: <5l7mor7ois.fsf@assaris.sics.se> In-Reply-To: guido@gvr.win.tue.nl's message of Tue, 15 Oct 1996 18:09:59 %2B0200 (MET DST) References: <199610151609.SAA04691@gvr.win.tue.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
guido@gvr.win.tue.nl (Guido van Rooij) writes: > > After the setuid, I will be able to make it dump core, or even better > > use `ptrace' and then login will still have the file descriptor > > pointing to /etc/spwd.db open and I can make it read the complete > > shadow file. > > endpwent closes the spwd.db if I'm right so that would be impossible. Of course, it should call endpwent and endpwent should zero any incriminating memory, but it doesn't do that now. /assar
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5l7mor7ois.fsf>