Date: Wed, 15 Jan 1997 10:34:49 -0600 (CST)
From: igor@alecto.physics.uiuc.edu (Igor Roshchin)
To: security@FreeBSD.ORG, owner-security@FreeBSD.ORG
Subject: Re: BoS: serious security bug in wu-ftpd v2.4 -- PATCH (fwd)
Message-ID: <199701151634.KAA21934@alecto.physics.uiuc.edu>

Sorry for probably a lame question:
Is this a new security hole, or something which has been patched
for FreeBSD?
Any comment on this?

BTW, what is the FreeBSD team's "official" point of view
concerning the Academ-branch of wu-ftpd?

Thanks,

IgoR aka StR

Forwarded message:
>From owner-bugtraq@NETSPACE.ORG Tue Jan 14 17:45:23 1997
Approved-By: ALEPH1@UNDERGROUND.ORG
X-Sender: hpj@tide.globecom.net
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: QUOTED-PRINTABLE
Approved-By: Henrik P Johnson <hpj@ONE.SE>
Message-ID: <Pine.HPP.3.95.970112194514.5659E-100000@tide.globecom.net>
Date: Sun, 12 Jan 1997 19:56:01 +0100
Reply-To: Henrik P Johnson <hpj@one.se>
Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Henrik P Johnson <hpj@one.se>
Subject: Re: BoS: serious security bug in wu-ftpd v2.4 -- PATCH
X-To: Dave Kinchlea <security@kinch.ark.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <Pine.LNX.3.95.970105223438.8237D-100000@kinch.ark.com>

Below comes a hopefully improved version of the sigfix.c file to fix wu-ftp.
This will block signals while within crucial parts of the FTP server, yet the
signals will occur after the resumesigs is called. I have no idea of how
portable this may or may not be, but it seems to work on HP, OSF, linux and
Solaris.

Otherwise the patch as supplied by Dave Kinchlea <security@kinch.ark.com>
should be applied.

/* ######################### sigfix.c ################################# */
#include <signal.h>

/* Block SIGPIPE and SIGURG; they stay pending until resumesigs(). */
void
#ifdef __STDC__
suspendsigs(void)
#else
suspendsigs()
#endif
{
  sigset_t sset;

  /* sigset_t is an opaque set, not a bit mask of signal numbers,
     so build it with sigemptyset()/sigaddset(). */
  sigemptyset(&sset);
#ifdef SIGPIPE
  sigaddset(&sset,SIGPIPE);
#endif
#ifdef SIGURG
  sigaddset(&sset,SIGURG);
#endif
  sigprocmask(SIG_BLOCK,&sset,NULL);
}

/* Unblock SIGPIPE and SIGURG; any that arrived meanwhile are delivered. */
void
#ifdef __STDC__
resumesigs(void)
#else
resumesigs()
#endif
{
  sigset_t sset;

  sigemptyset(&sset);
#ifdef SIGPIPE
  sigaddset(&sset,SIGPIPE);
#endif
#ifdef SIGURG
  sigaddset(&sset,SIGURG);
#endif
  sigprocmask(SIG_UNBLOCK,&sset,NULL);
}

==============================================================================
Henrik P Johnson        Tel: +46-(0)31-812091      Eklandagatan 41a
GlobeCom Network        GSM: +46-(0)70-5409924     41261 Göteborg
IRC: [TC]               FAX: +46-(0)31-208460      Sweden
E-Mail: king@globecom.net king@one.se, hpj@etek.chalmers.se, hpj@tjh.se ... etc
==============================================================================
Nice site: http://www.underscore.se/sj (Swedish)
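
Added example, not part of the original message or of wu-ftpd: a small C program that checks the behaviour described in the forwarded post, namely that a signal raised between suspendsigs() and resumesigs() stays pending and its handler runs only once the mask is lifted. The names demo(), on_urg, urg_seen and saved_mask are introduced here, and unlike sigfix.c this variant restores the caller's saved mask instead of unblocking unconditionally.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L  /* expose sigaction() under strict -std= modes */
#endif
#include <signal.h>
#include <stdio.h>

static volatile sig_atomic_t urg_seen;  /* set by the handler */
static sigset_t saved_mask;             /* mask in force before suspendsigs() */

static void on_urg(int sig) { (void)sig; urg_seen = 1; }

/* Block SIGPIPE and SIGURG, remembering the caller's mask. */
int suspendsigs(void)
{
    sigset_t sset;
    sigemptyset(&sset);
    sigaddset(&sset, SIGPIPE);
    sigaddset(&sset, SIGURG);
    return sigprocmask(SIG_BLOCK, &sset, &saved_mask);
}

/* Put the saved mask back; signals that arrived meanwhile are delivered now. */
int resumesigs(void)
{
    return sigprocmask(SIG_SETMASK, &saved_mask, NULL);
}

/* Constructed test: bit 0 = handler ran inside the critical section,
 * bit 1 = SIGURG was pending there, bit 2 = handler ran after resumesigs(). */
int demo(void)
{
    struct sigaction sa;
    sigset_t pending;
    int result = 0;

    sa.sa_handler = on_urg;
    sa.sa_flags = 0;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGURG, &sa, NULL) != 0) return -1;
    urg_seen = 0;
    if (suspendsigs() != 0) return -1;
    raise(SIGURG);                       /* arrives mid critical section */
    if (urg_seen) result |= 1;
    if (sigpending(&pending) == 0 && sigismember(&pending, SIGURG) == 1) result |= 2;
    if (resumesigs() != 0) return -1;
    if (urg_seen) result |= 4;
    return result;
}

int main(void) { printf("demo() = %d (expect 6)\n", demo()); return 0; }
```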