Bugtraq mailing list archives

Re: Exploit for Linux wu.ftpd hole

From: nlawson () statler csc calpoly edu (Nathan Lawson)
Date: Sun, 9 Jul 1995 15:56:35 -0700

Yes, i've since discovered this. And the writes dont return a error. Hmm,
how slow would fstat()ing the log file before writing be, it shouldnt be
*too* bad.


The only problem I see here is that this should be done before writes, not
periodically.  If it was done every few minutes, it would cause a penalty
in swapping into memory, especially on machines with limited memory.  I'd like
to see more Unix daemons designed to wake up as little as possible.

-Nate

Current thread:

Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4), (continued)
- - - Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) James Seng (Jul 12)
    - Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Henri Karrenbeld (Jul 12)
    - Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Aleph One (Jul 13)
    - Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Jeremy Fitzhardinge (Jul 13)
    - Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) James W. Abendschan (Jul 12)
    - Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Lyndon Nerenberg (Jul 12)
    - Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Aleph One (Jul 13)
    - Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing Karl Strickland (Jul 10)
    - Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing Perry E. Metzger (Jul 10)
    - Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing BioH (Jul 10)
    - Re: Exploit for Linux wu.ftpd hole Nathan Lawson (Jul 09)
  - Re: Exploit for Linux wu.ftpd hole Michael Shields (Jul 06)
    - Re: Exploit for Linux wu.ftpd hole Mike Edulla (Jul 07)
- Why are we using priveleged images / state so much? (Was Re: Paul Robinson (Jul 06)
  - Re: Why are we using priveleged images / state so much? (Was Re: Dr. Frederick B. Cohen (Jul 06)
  - Details of linux select(2) bug? Karl Strickland (Jul 07)
  - SM 8.6.12 Nathan Lawson (Jul 08)
    - Re: SM 8.6.12 Karl Strickland (Jul 08)
    - Re: SM 8.6.12 Christopher A. Stewart (Jul 11)
    - Re: SM 8.6.12 Mark A. Fullmer (Jul 13)
    - Re: SM 8.6.12 Eric Allman (Jul 16)

(Thread continues...)