Date: Tue, 26 May 1998 17:07:19 -0700 From: David Greenman <dg@root.com> To: James Flemer <jflemer@tiger.acsu.k12.vt.us> Cc: freebsd-security@FreeBSD.ORG Subject: Re: imapd_4.1b.txt Message-ID: <199805270007.RAA03312@implode.root.com> In-Reply-To: Your message of "Tue, 26 May 1998 13:49:59 EDT." <199805261749.NAA06996@tiger.acsu.k12.vt.us>
next in thread | previous in thread | raw e-mail | index | archive | help
> It is possible to crash the imapd server in several possible places. > Due to the lack of handling for the SIGABRT signal and the nature > of the IMAP protocol in storing folders locally on the server; a core dump > is produced in the users current directory. This core dump contains the > password and shadow password files from the system. In the case of FreeBSD, it could contain the no-password passwd file, but in order for the encrypted passwords to be in memory, the process would have to be setuid root, and if that is the case, the system won't generate a core file. -DG David Greenman Co-founder/Principal Architect, The FreeBSD Project To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199805270007.RAA03312>