From owner-freebsd-security Tue May 26 18:53:43 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id SAA12504 for freebsd-security-outgoing; Tue, 26 May 1998 18:53:43 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from dingo.cdrom.com (dingo.cdrom.com [204.216.28.145]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA12467 for ; Tue, 26 May 1998 18:53:21 -0700 (PDT) (envelope-from mike@dingo.cdrom.com)
Received: from dingo.cdrom.com (localhost [127.0.0.1]) by dingo.cdrom.com (8.8.8/8.8.5) with ESMTP id RAA02472; Tue, 26 May 1998 17:47:22 -0700 (PDT)
Message-Id: <199805270047.RAA02472@dingo.cdrom.com>
X-Mailer: exmh version 2.0zeta 7/24/97
To: dg@root.com
cc: James Flemer , freebsd-security@FreeBSD.ORG
Subject: Re: imapd_4.1b.txt
In-reply-to: Your message of "Tue, 26 May 1998 17:07:19 PDT." <199805270007.RAA03312@implode.root.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 26 May 1998 17:47:22 -0700
From: Mike Smith
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

> > It is possible to crash the imapd server in several possible places.
> > Due to the lack of handling for the SIGABRT signal and the nature
> > of the IMAP protocol in storing folders locally on the server; a core dump
> > is produced in the user's current directory. This core dump contains the
> > password and shadow password files from the system.
>
> In the case of FreeBSD, it could contain the no-password passwd file, but
> in order for the encrypted passwords to be in memory, the process would have
> to be setuid root, and if that is the case, the system won't generate a core
> file.

Does imapd not run as root from /etc/inetd.conf? The binary is not
setuid in the package tarball...

--
\\  Sometimes you're ahead,       \\  Mike Smith
\\  sometimes you're behind.      \\  mike@smith.net.au
\\  The race is long, and in the  \\  msmith@freebsd.org
\\  end it's only with yourself.  \\  msmith@cdrom.com