Date: Sat, 11 Jan 1997 18:50:20 -0800
From: David Greenman <dg@root.com>
To: Steve Reid <steve@edmweb.com>
Cc: freebsd-isp@freebsd.org
Subject: Re: serious security bug in wu-ftpd v2.4 (fwd)
Message-ID: <199701120250.SAA23491@root.com>
In-Reply-To: Your message of "Wed, 08 Jan 1997 15:10:55 PST." <Pine.BSF.3.95.970108150849.256B-100000@bitbucket.edmweb.com>

>Since David Greenman's patch was posted here, I figure this should be
>posted here as well...
>
>---------- Forwarded message ----------
>Date: Tue, 7 Jan 1997 23:02:51 -0500 (EST)
>From: Wietse Venema <wietse@porcupine.org>
>Reply-To: best-of-security@suburbia.net
>To: best-of-security@suburbia.net
>Cc: wu-ftpd-bugs@academ.com, best-of-security@suburbia.net
>Subject: BoS: serious security bug in wu-ftpd v2.4
>Resent-Date: Wed, 8 Jan 1997 18:44:21 +1100 (EST)
>Resent-From: best-of-security@suburbia.net
>
>Two brief comments on the patches that were suggested so far.
>
>- The patch proposed by David Greenman (clear the transflag variable
>in function dologout()) makes the window of opportunity much smaller,
>but does not close it. The hole still exists. It's just smaller.

I disagree with Wietse's assertion that my patch is insufficient and I
don't think that all of the extra signal blocking code is necessary.

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project