Re: FreeBSD,rlogin and coredumps.
From: dg () root com (David Greenman)
Date: Mon, 17 Feb 1997 03:13:18 -0800
Pointed out to me privately by several people:
Just checked on 3.0-970209-SNAP
Only saw my own password crypt but it does coredump as does ftpd.
Yes, there was a bug in the kernel; it didn't pass the P_SUGID flag on to
the child of a fork. rlogin is rather unique in that it is setuid, forks, but
doesn't exec (which would clear out the address space). This allowed the child
to coredump if sent the appropriate signal. The coredump contains the result of
a passwd database lookup for the user's own entry. This is certainly undesired,
but it appears that the scope of the security hole is very limited.
Anyway, as of about 5 minutes ago, this problem is fixed in -stable (which
will be FreeBSD 2.1.7 RSN), the 2.2 branch, and -current.
Core-team/Principal Architect, The FreeBSD Project
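
Independently of the kernel fix described in the message above, a setuid program that forks without exec can set its own core-size limit to zero before it loads password data, because resource limits are inherited across fork. The following is an added example, not code from rlogin or the FreeBSD project; the function names are hypothetical.

```c
#include <sys/types.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper: set the soft and hard RLIMIT_CORE to 0 so that no
 * core file can be written for this process. Returns 0 on success. */
int disable_core_dumps(void)
{
    struct rlimit rl = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Fork without exec (the rlogin pattern from the message) and let the child
 * report its own core limit. Returns 1 if the child's soft and hard limits
 * are both 0, 0 if they are not, -1 on error. */
int child_core_limit_is_zero(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        struct rlimit rl;
        if (getrlimit(RLIMIT_CORE, &rl) != 0)
            _exit(2);
        _exit((rl.rlim_cur == 0 && rl.rlim_max == 0) ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    if (WEXITSTATUS(status) == 0)
        return 1;
    return WEXITSTATUS(status) == 1 ? 0 : -1;
}

int main(void)
{
    /* Call this before any passwd database lookup places data in memory. */
    if (disable_core_dumps() != 0) {
        perror("setrlimit");
        return 1;
    }
    printf("child core limit is zero: %d\n", child_core_limit_is_zero());
    return 0;
}
```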