Date:      16 Oct 1996 20:15:14 +0200
From:      Assar Westerlund <assar@sics.se>
To:        guido@gvr.win.tue.nl (Guido van Rooij)
Cc:        marcs@znep.com, freebsd-security@FreeBSD.org
Subject:   Re: bin/1805: Bug in ftpd
Message-ID:  <5laftm6aj1.fsf@assaris.sics.se>
In-Reply-To: guido@gvr.win.tue.nl's message of Wed, 16 Oct 1996 18:08:59 +0200 (MET DST)
References:  <199610161608.SAA07582@gvr.win.tue.nl>

guido@gvr.win.tue.nl (Guido van Rooij) writes:
> > guido@gvr.win.tue.nl (Guido van Rooij) writes:
> > > > After the setuid, I will be able to make it dump core, or even better
> > > > use `ptrace' and then login will still have the file descriptor
> > > > pointing to /etc/spwd.db open and I can make it read the complete
> > > > shadow file.
> > > 
> > > endpwent closes the spwd.db if I'm right so that would be impossible.
> > 
> > Of course, it should call endpwent and endpwent should zero any
> > incriminating memory, but it doesn't do that now.
> 
> Yes it does. Check the code.

You're right.

So what other programs should we check to see that they really call
endpwent?

/assar
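
One way to check for the condition discussed in this thread, as an added example that is not part of the original message or of FreeBSD's code: after the lookup and endpwent, scan the process's descriptors for one that still refers to the password database before any setuid call. The function names, return codes and the 4096-descriptor scan bound are assumptions of this example.

```c
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Return the lowest open descriptor that refers to the same file as `path`
 * (matched by device and inode), or -1 if none does or `path` is absent. */
int leaked_fd_for(const char *path)
{
    struct stat want, st;
    long maxfd = sysconf(_SC_OPEN_MAX);

    if (stat(path, &want) != 0)
        return -1;
    if (maxfd < 0 || maxfd > 4096)
        maxfd = 4096;           /* bound the scan; assumption of this example */
    for (int fd = 0; fd < maxfd; fd++)
        if (fstat(fd, &st) == 0 &&
            st.st_dev == want.st_dev && st.st_ino == want.st_ino)
            return fd;
    return -1;
}

/* Look up a uid the way a login-style program would, close the database,
 * and report -2 if a handle to `db_path` is still open afterwards. */
int lookup_uid_checked(const char *user, const char *db_path, uid_t *uid)
{
    struct passwd *pw = getpwnam(user);

    if (pw == NULL) {
        endpwent();
        return -1;              /* no such user */
    }
    *uid = pw->pw_uid;          /* copy what is needed; pw is static storage */
    endpwent();                 /* closes the database, as stated in the thread */
    if (leaked_fd_for(db_path) >= 0)
        return -2;              /* caller must not setuid() with the handle open */
    return 0;
}

int main(void)
{
    uid_t uid;
    int rc = lookup_uid_checked("root", "/etc/spwd.db", &uid);
    printf("lookup rc=%d\n", rc);
    return rc == -2;
}
```

On a system without /etc/spwd.db the scan finds nothing and the lookup returns 0 or -1; pass the path of whichever database file the platform's getpw* routines open.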


