From owner-freebsd-security  Tue May 26 20:55:46 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id UAA08789
          for freebsd-security-outgoing; Tue, 26 May 1998 20:55:46 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from burka.rdy.com (dima@burka.rdy.com [205.149.163.30])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA08698
          for <freebsd-security@FreeBSD.ORG>; Tue, 26 May 1998 20:55:15 -0700 (PDT)
          (envelope-from dima@burka.rdy.com)
Received: (from dima@localhost)
	by burka.rdy.com (8.8.8/RDY&DVV) id UAA09157;
	Tue, 26 May 1998 20:54:41 -0700 (PDT)
Message-Id: <199805270354.UAA09157@burka.rdy.com>
Subject: Re: imapd_4.1b.txt
In-Reply-To: <199805270136.SAA02758@dingo.cdrom.com> from Mike Smith at "May 26, 98 06:36:45 pm"
To: mike@smith.net.au (Mike Smith)
Date: Tue, 26 May 1998 20:54:41 -0700 (PDT)
Cc: dg@root.com, mike@smith.net.au, jflemer@tiger.acsu.k12.vt.us,
        freebsd-security@FreeBSD.ORG
X-Class: Fast
Organization: HackerDome
Reply-To: dima@best.net
From: dima@best.net (Dima Ruban)
X-Mailer: ELM [version 2.4ME+ PL40 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

Mike Smith writes:
> > >Does imapd not run as root from /etc/inetd.conf?  The binary is not 
> > >setuid in the package tarball...
> > 
> >    If it is run as root, then the core file will be owned by root with no
> > permissions for group or other, so you'd have to be root to read it.
> 
> ... and if it changes UID to manipulate your mail folders, it will no 
> longer drop a core.  Ok, it sounds like the door is closed on that one.
> 
> Do I feel sorry for Mark Crispin? 8)

I don't think it will drop core in any case. As far as I know all the
inetd stuff runs from the daemon class, and daemon class has coredumpsize 0 by
default.

> 
> -- 
> \\  Sometimes you're ahead,       \\  Mike Smith
> \\  sometimes you're behind.      \\  mike@smith.net.au
> \\  The race is long, and in the  \\  msmith@freebsd.org
> \\  end it's only with yourself.  \\  msmith@cdrom.com
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe security" in the body of the message
> 

-- dima

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message