Date: Sat, 31 May 1997 16:21:17 -0700 From: David Greenman <dg@root.com> To: Gary Schrock <root@eyelab.psy.msu.edu> Cc: freebsd-security@FreeBSD.ORG Subject: Re: ftpd signal handler race? Message-ID: <199705312321.QAA14848@implode.root.com> In-Reply-To: Your message of "Sat, 31 May 1997 14:21:55 EDT." <3.0.2.32.19970531142155.006dec74@eyelab.msu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
>Regarding the CERT announcement just recently about a problem with ftpd, >according to the information there it was implied that only 2.2+ was fixed, >and that the changes weren't in the 2.1 line. When looking through the cvs >logs on the freebsd web site, I ran across a checkin on the RELENG_2_1_0 >line that seemed to imply that this problem was fixed. So is it true that >if one's tracking the 2.1-STABLE line then this problem has been fixed >regardless of what the cert announcement says? I was the one who originally discovered the security hole and informed CERT. The bug was fixed in the 2.2 tree prior to the 2.2.0 release and was merged (by pst) into the 2.1 branch prior to the 2.1.7 release. So the answer is "yes", the problem is fixed in the 2.1-stable branch and if you're tracking that then you don't need to worry about it. -DG David Greenman Core-team/Principal Architect, The FreeBSD Project
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199705312321.QAA14848>