From owner-freebsd-bugs Mon Oct 14 11:20:03 1996
Return-Path: owner-bugs
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id LAA14841 for bugs-outgoing; Mon, 14 Oct 1996 11:20:03 -0700 (PDT)
Received: (from gnats@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id LAA14810; Mon, 14 Oct 1996 11:20:02 -0700 (PDT)
Date: Mon, 14 Oct 1996 11:20:02 -0700 (PDT)
Message-Id: <199610141820.LAA14810@freefall.freebsd.org>
To: freebsd-bugs
Cc:
From: Marc Slemko
Subject: Re: bin/1805: Bug in ftpd
Reply-To: Marc Slemko
Sender: owner-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

The following reply was made to PR bin/1805; it has been noted by GNATS.

From: Marc Slemko
To: rkozak@bdk.lublin.pl
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: bin/1805: Bug in ftpd
Date: Mon, 14 Oct 1996 12:11:11 -0600 (MDT)

On Mon, 14 Oct 1996 rkozak@bdk.lublin.pl wrote:

> While a user is connected to the server via ftp, the process ftpd is owned
> by this user. When ftpd is abnormally terminated (e.g. kill -11)
> the memory image of this process is written to file ftpd.core in home dir.
> This file contains encrypted passwords of all users on this machine.

That isn't nice. I don't think it will contain the passwords of all the users, just a certain subset of them. This is also a problem with older versions of wuftpd, but the latest beta seems to be fine, although I'm not sure if that is just a fluke or by design.

There are several possible fixes, but for those that need a temporary fix ASAP, a workaround follows. There should be no security problems with this, but there could be something I'm missing.

Create a script. I'll assume it is /usr/local/libexec/ftpd.wrapper. In it, put the following:

-------
#!/bin/sh
# Disable core dumps for this shell and everything it execs.
ulimit -c 0
# Replace the shell with the real daemon, passing inetd's arguments through.
exec /usr/libexec/ftpd "$@"
-------

where /usr/libexec/ftpd is the path to your old ftp daemon. Modify /etc/inetd.conf and replace /usr/libexec/ftpd with /usr/local/libexec/ftpd.wrapper.

What this does is prevent the process from core dumping, therefore eliminating the problem. A more permanent fix to the source may be something along the lines of the below, but there should be an official fix out in the next little bit: *** /usr/src/libexec/ftpd/ftpd.c Mon Mar 18 04:10:16 1996 --- ftpd.c Mon Oct 14 12:07:21 1996 *************** *** 47,55 **** --- 47,58 ---- * FTP server. */ #include + #include + #include #include #include #include + #include #include #include *************** *** 219,227 **** --- 222,232 ---- int addrlen, ch, on = 1, tos; char *cp, line[LINE_MAX]; FILE *fd; + struct rlimit rlim; tzset(); /* in case no timezone database in ~ftp */ + /* * LOG_NDELAY sets up the logging connection immediately, * necessary for anonymous ftp's that chroot and can't do it later. *************** *** 232,237 **** --- 237,253 ---- syslog(LOG_ERR, "getpeername (%s): %m",argv[0]); exit(1); } + + /* + * prevent ftpd from dumping core; necessary to prevent a user + * from getting a core file with privileged information in + */ + rlim.rlim_cur = rlim.rlim_max = 0; + if (setrlimit(RLIMIT_CORE, &rlim) != 0) { + syslog(LOG_ERR, "setrlimit(RLIMIT_CORE, &rlim) failed"); + exit(1); + } + #ifdef SKEY strcpy(addr_string, inet_ntoa(his_addr.sin_addr)); #endif
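
Review bot: The second hunk (new-file lines 222-232) adds an empty line after the tzset() call that is unrelated to the core-dump fix. Drop that `+` line so the hunk carries only the `struct rlimit rlim;` declaration.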
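
Review bot: In the third hunk, the failure path logs "setrlimit(RLIMIT_CORE, &rlim) failed" without %m, so the errno explaining the failure is not recorded, while the getpeername error in the context lines just above does use %m. Suggest syslog(LOG_ERR, "setrlimit(RLIMIT_CORE): %m"). Exiting on failure is the right choice, since continuing would leave the daemon able to dump core. The new comment also ends in "privileged information in", which reads as cut off; "containing privileged information" would be clearer.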