Date: Tue, 26 May 1998 17:47:22 -0700 From: Mike Smith <mike@smith.net.au> To: dg@root.com Cc: James Flemer <jflemer@tiger.acsu.k12.vt.us>, freebsd-security@FreeBSD.ORG Subject: Re: imapd_4.1b.txt Message-ID: <199805270047.RAA02472@dingo.cdrom.com> In-Reply-To: Your message of "Tue, 26 May 1998 17:07:19 PDT." <199805270007.RAA03312@implode.root.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > It is possible to crash the imapd server in several possible places. > > Due to the lack of handling for the SIGABRT signal and the nature > > of the IMAP protocol in storing folders locally on the server; a core dump > > is produced in the users current directory. This core dump contains the > > password and shadow password files from the system. > > In the case of FreeBSD, it could contain the no-password passwd file, but > in order for the encrypted passwords to be in memory, the process would have > to be setuid root, and if that is the case, the system won't generate a core > file. Does imapd not run as root from /etc/inetd.conf? The binary is not setuid in the package tarball... -- \\ Sometimes you're ahead, \\ Mike Smith \\ sometimes you're behind. \\ mike@smith.net.au \\ The race is long, and in the \\ msmith@freebsd.org \\ end it's only with yourself. \\ msmith@cdrom.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199805270047.RAA02472>