Date: Thu, 9 Oct 1997 08:31:40 +0200
From: j@uriah.heep.sax.de (J Wunsch)
To: freebsd-hackers@freebsd.org (FreeBSD hackers)
Subject: Re: L0pht Advisory: IMAP4rev1 imapd server
Message-ID: <19971009083140.LQ20996@uriah.heep.sax.de>
In-Reply-To: <v03102805b06154541550@[207.155.93.30]>; from We got Food - Fuel - Ice-cold Beer - and X.509 certificates on Oct 8, 1997 16:17:54 +0100
References: <v03102805b06154541550@[207.155.93.30]>
As We got Food - Fuel - Ice-cold Beer - and X.509 certificates wrote:

> Scenario:
>
> It is possible to crash the imapd server in several possible places.
> Due to the lack of handling for the SIGABRT signal and the nature
> of the IMAP protocol in storing folders locally on the server; a core dump
> is produced in the users current directory. This core dump contains the
> password and shadow password files from the system.

I don't think that's a big problem for FreeBSD. Either, the imapd runs with effective and real UID of root, but then the core file will only be readable by root, or (it was setuid) it's not supposed to drop a core file at all.

Somebody who's actually running imapd might test it anyway.

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
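One way to check the "only readable by root" point on a running server, as an added example that is not part of the original message: it scans a directory for core files and reports any that are group/other readable or not owned by a trusted UID. The function names and the `core` / `<program>.core` naming are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum { CORE_NOT_FILE = -1, CORE_PRIVATE = 0, CORE_WRONG_OWNER = 1, CORE_READABLE = 2 };

/* Assumed naming: "core" or "<program>.core"; adjust to the system's pattern. */
static int looks_like_core(const char *name) {
    size_t n = strlen(name);
    return strcmp(name, "core") == 0 || (n > 5 && strcmp(name + n - 5, ".core") == 0);
}

/* Classify one file: can anyone other than trusted_uid read the dump? */
int classify_core(const char *path, uid_t trusted_uid) {
    struct stat st;
    /* lstat: a symlink named like a core file is not treated as a dump. */
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode)) return CORE_NOT_FILE;
    if (st.st_mode & (S_IRGRP | S_IROTH)) return CORE_READABLE;
    if (st.st_uid != trusted_uid) return CORE_WRONG_OWNER;
    return CORE_PRIVATE;
}

/* Scan one directory (non-recursive); return count of exposed dumps, -1 on error. */
int audit_dir(const char *dir, uid_t trusted_uid) {
    char path[4096];
    struct dirent *e;
    int exposed = 0;
    DIR *d = opendir(dir);
    if (!d) return -1;
    while ((e = readdir(d)) != NULL) {
        if (!looks_like_core(e->d_name)) continue;
        snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        int c = classify_core(path, trusted_uid);
        if (c > CORE_PRIVATE) {
            printf("%s: %s\n", path, c == CORE_READABLE
                   ? "group/other readable" : "not owned by trusted uid");
            exposed++;
        }
    }
    closedir(d);
    return exposed;
}

int main(int argc, char **argv) {
    /* Usage: prog DIR. Trusted UID 0 (root) matches the first case in the mail. */
    return argc > 1 ? audit_dir(argv[1], 0) != 0 : 2;
}
```

Run it against the directories where the daemon can end up (for imapd, the users' home and mail folder directories); exit status 0 means no exposed core file was found there.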