From owner-freebsd-bugs Mon Oct 14 05:00:04 1996 Return-Path: owner-bugs Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id FAA23575 for bugs-outgoing; Mon, 14 Oct 1996 05:00:04 -0700 (PDT) Received: (from gnats@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id FAA23568; Mon, 14 Oct 1996 05:00:02 -0700 (PDT) Resent-Date: Mon, 14 Oct 1996 05:00:02 -0700 (PDT) Resent-Message-Id: <199610141200.FAA23568@freefall.freebsd.org> Resent-From: gnats (GNATS Management) Resent-To: freebsd-bugs Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, Received: (from nobody@localhost)by.freefall.freebsd.org.id.EAA23237;Mon; (8.7.5/8.7.3);, 14 Oct 1996 04:52:09.-0700 (PDT) Message-Id: <199610141152.EAA23237@freefall.freebsd.org> Date: Mon, 14 Oct 1996 04:52:09 -0700 (PDT) From: rkozak@bdk.lublin.pl To: freebsd-gnats-submit@freebsd.org X-Send-Pr-Version: www-1.0 Subject: bin/1805: Bug in ftpd Sender: owner-bugs@freebsd.org X-Loop: FreeBSD.org Precedence: bulk >Number: 1805 >Category: bin >Synopsis: Bug in ftpd >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Class: change-request >Submitter-Id: current-users >Arrival-Date: Mon Oct 14 05:00:01 PDT 1996 >Last-Modified: >Originator: Robert Kozak >Organization: BDK w Lublinie S.A. >Release: FreeBSD 2.1.5-RELEASE >Environment: FreeBSD celebris1.bdk.lublin.pl 2.1.5-RELEASE FreeBSD 2.1.5-RELEASE #0: Thu Sep 5 13:21:39 MET DST 1996 root@celebris1.bdk.lublin.pl:/usr/src/sys/compile/ RKKERNEL i386 >Description: While user is connected to server via ftp, the process ftpd is owned by this user. When ftpd is abnormally termineted (e.g. kill -11 ) the memory image of this process is writed to file ftpd.core in home dir. This file contain encrypted passwords all users on this machine. >How-To-Repeat: 1. ftp localhost name: username password: **** 2. On second terminal: a) ps -ax | grep localhost b) kill -11 c) strings ~/ftpd.core | less (you will see all encrypted passwords). >Fix: >Audit-Trail: >Unformatted: