Re: ftpd bug? Was: bin/1805: Bug in ftpd

[llama () randomc com (Jonny Llama)]

> On Wed, 16 Oct 1996 gamble () dxcoms cern ch wrote:
> > [failed 4.1.1 exploit attempt]
>
> Do you have core dumps turned off?
>
> I forget where it is in 4.1.1, but under Solaris you can a line in
> /etc/system to set coredump size.

for 4.X it's rather straight forward, just uncomment the savecore junk in
/etc/rc.local and make sure all the paths/etc are correct.  My 4.1.1 is
off in the corner making funny noises so I can't confirm that, but I'm
pretty sure.  As for Solaris 2.x, I think the /etc/system dumpfile jank
is only for 2.5 and up.. never done it on =<2.4 so I couldn't tell you.

> Set it to 0, and you can avoid these problems.

This is a really ugly bandaid, by the way.  Why stop there, when we could
take symlinks out the the kernel / filesystem [1] and avoid all those
other security problems.

> Andy

[1] Or wherever the fuck symlinks are, I'm a hardware guy.