From owner-freebsd-security Tue May 26 19:30:34 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id TAA20451 for freebsd-security-outgoing; Tue, 26 May 1998 19:30:34 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from implode.root.com (implode.root.com [198.145.90.17]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA20417 for ; Tue, 26 May 1998 19:30:20 -0700 (PDT) (envelope-from root@implode.root.com) Received: from implode.root.com (localhost [127.0.0.1]) by implode.root.com (8.8.5/8.8.5) with ESMTP id TAA04252; Tue, 26 May 1998 19:30:08 -0700 (PDT) Message-Id: <199805270230.TAA04252@implode.root.com> To: Mike Smith cc: James Flemer , freebsd-security@FreeBSD.ORG Subject: Re: imapd_4.1b.txt In-reply-to: Your message of "Tue, 26 May 1998 17:47:22 PDT." <199805270047.RAA02472@dingo.cdrom.com> From: David Greenman Reply-To: dg@root.com Date: Tue, 26 May 1998 19:30:08 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk >> > It is possible to crash the imapd server in several possible places. >> > Due to the lack of handling for the SIGABRT signal and the nature >> > of the IMAP protocol in storing folders locally on the server; a core dump >> > is produced in the users current directory. This core dump contains the >> > password and shadow password files from the system. >> >> In the case of FreeBSD, it could contain the no-password passwd file, but >> in order for the encrypted passwords to be in memory, the process would have >> to be setuid root, and if that is the case, the system won't generate a core >> file. > >Does imapd not run as root from /etc/inetd.conf? The binary is not >setuid in the package tarball... If it is run as root, then the core file will be owned by root with no permissions for group or other, so you'd have to be root to read it. -DG David Greenman Co-founder/Principal Architect, The FreeBSD Project To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message