Bugtraq mailing list archives

Re: FreeBSD,rlogin and coredumps.
From: dg () root com (David Greenman)
Date: Mon, 17 Feb 1997 03:13:18 -0800

Pointed out to me privately by several people:

Just checked on 3.0-970209-SNAP
Only saw my own password crypt but it does coredump as does ftpd.

   Yes, there was a bug in the kernel; it didn't pass the P_SUGID flag on to
the child of a fork. rlogin is rather unique in that it is setuid, forks, but
doesn't exec (which would clear out the address space). This allowed the child
to coredump if sent the appropriate signal. The coredump contains the result of
a passwd database lookup for the user's own entry. This is certainly undesired,
but it appears that the scope of the security hole is very limited.
   Anyway, as of about 5 minutes ago, this problem is fixed in -stable (which
will be FreeBSD 2.1.7 RSN), the 2.2 branch, and -current.


David Greenman
Core-team/Principal Architect, The FreeBSD Project
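
The fix described in this message is in the kernel. As a user-space complement, the following C example (added here, not code from the message or from FreeBSD) shows how a setuid program that forks without exec can zero its core-size limit and scrub the looked-up password field, so that a signalled child has nothing sensitive to dump. The function names and the sample buffer are constructed for illustration.

```c
#include <stddef.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Zero the soft and hard core-size limits. The limits are inherited across
 * fork(), and a process without privilege cannot raise the hard limit again. */
int disable_core_dumps(void)
{
    struct rlimit rl = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Overwrite a buffer through a volatile pointer so the stores are kept. */
void scrub(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

/* Fork without exec (the rlogin pattern): the child keeps a copy of the
 * parent's address space, so scrub the secret before forking. The child then
 * reports what it inherited. Returns 0 if the child has a zero core limit and
 * sees only a scrubbed buffer, 1 if not, -1 on error. */
int fork_child_is_protected(char *secret, size_t len)
{
    int status;
    pid_t pid;

    scrub(secret, len);
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        struct rlimit rl;
        size_t i;
        if (getrlimit(RLIMIT_CORE, &rl) != 0 || rl.rlim_cur != 0 || rl.rlim_max != 0)
            _exit(1);
        for (i = 0; i < len; i++)
            if (secret[i] != 0)
                _exit(1);
        _exit(0);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0 ? 0 : 1;
}
```

Call `disable_core_dumps()` before the password database lookup, and pass `fork_child_is_protected()` the buffer holding the field that is no longer needed.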
