Date: Sun, 25 Nov 2001 22:13:44 +1100 (EST)
From: Bruce Evans <bde@zeta.org.au>
To: <veedee@c7.campus.utcluj.ro>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: fts_print bug?
Message-ID: <20011125220611.U5577-100000@delplex.bde.org>
In-Reply-To: <20011123015505.A5165@c7.campus.utcluj.ro>

On Fri, 23 Nov 2001 veedee@c7.campus.utcluj.ro wrote:

> Does anyone know anything about this?
>
> It didn't work on my box (4.3-RELEASE), but it did make some directories
> which I can't erase anymore...
>
> [#] rm -r 4965/
> rm: fts_read: File name too long
> ...
> Sorry for the messy output. A friend of mine found the "exploit" (see
> attachment) on BUGTRAQ.

I think the security holes in fts were fixed soon after they turned up
(this is an old exploit). I fixed the bug in rm (rm was using FTS_NOCHDIR,
which prevents fts from handling deep directories). The fix is in 4.3. It
still works for me.

cp, pax and pkg_install are the only applications in /usr/src that use
FTS_NOCHDIR. It breaks at least cp in the same way as it breaks rm.

Bruce
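The failure mode discussed in this message, as an added example that is not part of the original e-mail or of FreeBSD's code: a traversal that never changes directory must hand the kernel ever longer paths, which are rejected with ENAMETOOLONG once they pass PATH_MAX, while operations relative to an open directory keep working. It uses POSIX openat()/unlinkat() rather than fts, and the /tmp location, the function names and the sizes are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum { SEG = 200, DEPTH = 25 };  /* 25 * 201 bytes exceeds a 4096-byte PATH_MAX */
/* Remove everything below dirfd, naming each entry relative to an open directory. */
static int remove_below(int dirfd) {
    DIR *d = fdopendir(dirfd);  /* takes ownership of dirfd */
    struct stat st;
    int rc = 0;
    if (!d) { close(dirfd); return -1; }
    for (struct dirent *e; rc == 0 && (e = readdir(d)) != NULL;) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        if (fstatat(dirfd, e->d_name, &st, AT_SYMLINK_NOFOLLOW) != 0) rc = -1;
        else if (!S_ISDIR(st.st_mode)) rc = unlinkat(dirfd, e->d_name, 0);
        else {  /* O_NOFOLLOW: never descend through a symlink swapped in meanwhile */
            int sub = openat(dirfd, e->d_name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
            rc = (sub >= 0 && remove_below(sub) == 0) ? unlinkat(dirfd, e->d_name, AT_REMOVEDIR) : -1;
        }
    }
    closedir(d);
    return rc;
}

/* Constructed case: nest DEPTH directories under /tmp (assumed writable). Returns 1
 * when the full path fails with ENAMETOOLONG but the relative removal succeeds. */
int deep_tree_demo(void) {
    char base[] = "/tmp/deeptree.XXXXXX", seg[SEG + 1] = {0}, full[8192];
    if (!mkdtemp(base)) return -1;
    memset(seg, 'a', SEG);
    int n = snprintf(full, sizeof full, "%s", base);
    int fd = open(base, O_RDONLY | O_DIRECTORY);
    for (int i = 0; fd >= 0 && i < DEPTH; i++) {  /* descend one level at a time */
        int next = mkdirat(fd, seg, 0700) ? -1 : openat(fd, seg, O_RDONLY | O_DIRECTORY);
        close(fd);
        fd = next;
        n += snprintf(full + n, sizeof full - (size_t)n, "/%s", seg);
    }
    if (fd < 0 || close(fd) != 0) return -1;
    int too_long = access(full, F_OK) == -1 && errno == ENAMETOOLONG;
    fd = open(base, O_RDONLY | O_DIRECTORY);
    return too_long && fd >= 0 && remove_below(fd) == 0 && rmdir(base) == 0;
}
int main(void) { return deep_tree_demo() == 1 ? 0 : 1; }
```

remove_below() keeps one descriptor open per directory level, so a tree deeper than the process's open-file limit needs a raised limit or an iterative walk.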