Bugtraq mailing list archives
Re: FreeBSD,rlogin and coredumps.
From: dg () root com (David Greenman)
Date: Mon, 17 Feb 1997 03:13:18 -0800
Pointed out to me privately by several people:
Just checked on 3.0-970209-SNAP
...
Only saw my own password crypt but it does coredump as does ftpd.
Yes, there was a bug in the kernel; it didn't pass the P_SUGID flag on to the child of a fork. rlogin is rather unique in that it is setuid, forks, but doesn't exec (which would clear out the address space). This allowed the child to coredump if sent the appropriate signal. The coredump contains the result of a passwd database lookup for the user's own entry. This is certainly undesired, but it appears that the scope of the security hole is very limited. Anyway, as of about 5 minutes ago, this problem is fixed in -stable (which will be FreeBSD 2.1.7 RSN), the 2.2 branch, and -current.

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project