Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 08 Aug 1996 21:48:19 -0600
From:      Warner Losh <imp@village.org>
To:        security@freebsd.org
Subject:   rdist holes and such.
Message-ID:  <199608090348.VAA07285@rover.village.org>
next in thread | raw e-mail | index | archive | help 
FYI.  I don't think that FreeBSD is vulnerable, but I thought I'd pass
this along just in case.  It is from bugtraq, and edited by me.  I
hope I didn't drop anything.  Looking at the commit messages go by,
I'd say this was a very complete code review of the entire rdist
source.  Todd Miller and I have a beer from time to time and he's a
good guy.  Someone with more time on their hands than myself might
want to see if there is anything here that the FreeBSD sources might
be lacking.

Warner

------- Forwarded Message

[ Headers edited by imp ]
Date: 	Thu, 8 Aug 1996 20:20:21 -0600
Sender: Bugtraq List <BUGTRAQ@netspace.org>
From: Theo de Raadt <deraadt@theos.com>
Subject:      Re: /etc/shells (was Re: procmail)
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>

[...]

Ob. Security hole fix:

If anyone wants to see a really secure rdist setup that solves all
the problems (all the problems *I* know about..), take a look at the
OpenBSD sources.

- -r-xr-xr-x  1 root  bin  212992 Aug  6 21:12 usr/bin/oldrdist*
- -r-xr-xr-x  1 root  bin  229376 Aug  6 21:12 usr/bin/rdist*
- -r-xr-xr-x  1 root  bin  163840 Aug  6 21:12 usr/bin/rdistd*

Note they are not setuid.  "oldrdist" is the old original rdist with
all the known bugs fixed and modified to callout to "rsh" for setting
up the connection.  The "rsh" callout code is borrowed from new
"rdist"; "rdist" is the latest 6.1 version with some more fixes by us.
Since "oldrdist" and new "rdist" are not protocol compatible, it is
important to have both.  New "rdist" was written to know how to
callout to "oldrdist" if it discovers the older protocol (or something
like that).

I am also happy to see that new "rdist" uses mkstemp() which makes it
`safer' to ship a dist which contain writable directories.

Thanks to Todd Miller for doing most of this work, I'm quite happy
with it (I noted some of the problems but did none of the fixing)

Who knows, some of you might indirectly benefit from this stuff.

------- End of Forwarded Message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608090348.VAA07285>