Bugtraq mailing list archives

Re: FreeBSD,rlogin and coredumps.

From: slk () LINUX1 ACM RPI EDU (Simon Karpen)
Date: Tue, 18 Feb 1997 19:59:37 -0500


The problem is not in screen; it's in the operating system.
Linux is truly not vulnerable as it does not allow
coredumps of setuid root programs.

The BSDs (at least FreeBSD) appear to still do this for some
inane reason. Even SunOS 4.x doesn't coredump setuid progs, and
I wouldn't exactly call it secure.

On Tue, 18 Feb 1997, Nathan Torkington wrote:

It's possible to send a signal 11 to the latest version of screen
(3.7.2) and make it coredump with the master.passwd file in memory.
I'm using FreeBSD 2.1.5-RELEASE.


Simon Karpen
karpes () rpi edu, slk () acm rpi edu, slk () karpes stu rpi edu
"Down, not Across"

Current thread:

NT password dictionary attack., (continued)
- - - NT password dictionary attack. Paul Ashton (Feb 18)
    - New CIFS paper up for grabs *Hobbit* (Feb 18)
    - Re: screen 3.05.02 Mr. Cyb (Feb 16)
    - FreeBSD,rlogin and coredumps. Roelof W Temmingh (Feb 16)
    - Re: FreeBSD,rlogin and coredumps. David Greenman (Feb 16)
    - Re: FreeBSD,rlogin and coredumps. Adrian Chadd (Feb 17)
    - Re: FreeBSD,rlogin and coredumps. Jamshid Abedi (Feb 17)
    - Re: FreeBSD,rlogin and coredumps. jamie (Feb 18)
    - Re: FreeBSD,rlogin and coredumps. Nathan Torkington (Feb 18)
    - Re: FreeBSD,rlogin and coredumps. Daniel O'Callaghan (Feb 18)
    - Re: FreeBSD,rlogin and coredumps. Simon Karpen (Feb 18)
    - Re: FreeBSD,rlogin and coredumps. Michael Lerperger (Feb 17)
    - NetBIOS Auditing Tool Oliver Friedrichs (Feb 16)
  - Re: IRIX: Bug in startmidi Yuri Volobuev (Feb 09)
    - Re: IRIX: Bug in startmidi Astley Chan (Feb 09)
    - Re: IRIX: Bug in startmidi Steve M. Acheson (Feb 10)
    - Re: IRIX: Bug in startmidi Jon Lewis (Feb 09)