Date: Wed, 16 Oct 1996 18:08:59 +0200 (MET DST)
From: guido@gvr.win.tue.nl (Guido van Rooij)
To: assar@sics.se (Assar Westerlund)
Cc: marcs@znep.com, freebsd-security@FreeBSD.org
Subject: Re: bin/1805: Bug in ftpd
Message-ID: <199610161608.SAA07582@gvr.win.tue.nl>
In-Reply-To: <5l7mor7ois.fsf@assaris.sics.se> from Assar Westerlund at "Oct 16, 96 02:15:23 am"

Assar Westerlund wrote:
> guido@gvr.win.tue.nl (Guido van Rooij) writes:
> > > After the setuid, I will be able to make it dump core, or even better
> > > use `ptrace' and then login will still have the file descriptor
> > > pointing to /etc/spwd.db open and I can make it read the complete
> > > shadow file.
> >
> > endpwent closes the spwd.db if I'm right so that would be impossible.
>
> Of course, it should call endpwent and endpwent should zero any
> incriminating memory, but it doesn't do that now.

Yes it does. Check the code.

-Guido