From owner-freebsd-security Mon Oct 14 14:00:42 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id OAA25286 for security-outgoing; Mon, 14 Oct 1996 14:00:42 -0700 (PDT) Received: from gvr.win.tue.nl (gvr.win.tue.nl [131.155.210.19]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id OAA25281; Mon, 14 Oct 1996 14:00:34 -0700 (PDT) Received: by gvr.win.tue.nl (8.6.13/1.53) id WAA02649; Mon, 14 Oct 1996 22:59:19 +0200 From: guido@gvr.win.tue.nl (Guido van Rooij) Message-Id: <199610142059.WAA02649@gvr.win.tue.nl> Subject: Re: bin/1805: Bug in ftpd To: marcs@znep.com (Marc Slemko) Date: Mon, 14 Oct 1996 22:59:19 +0200 (MET DST) Cc: security-officer@freebsd.org, freebsd-security@freebsd.org In-Reply-To: from Marc Slemko at "Oct 14, 96 12:14:55 pm" X-Mailer: ELM [version 2.4ME+ PL17 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Marc Slemko wrote: > A more permanent fix to the source may be something along the lines of the > below patch (against RELENG_2_1_5_RELEASE), but there should be an > official fix out in the next little bit: > I'm not really happy with this fix as well, but it's better than nothing., The reason being that if ftp wants to dump core, it should dump core. If you prohibit this you'll never be able to debug any problems after somethuing went wrong. What should be done is make sure the buffers containing the sensitive info are cleared as soon as the info has been used. The same problem could show up with any other suid root program that reads the password databases. (if that is indeed the happening. It might also be that just the users password string is dumped only.) I'll investigate things tomorrow evening. -Guido