[256] in linux-security and linux-alert archive
Re: SECURITY: problem with some wu-ftpd-2.4 binaries
daemon@ATHENA.MIT.EDU (Malcolm Beattie)
Thu Jun 1 13:38:23 1995
From: Malcolm Beattie <mbeattie@sable.ox.ac.uk>
To: linux-security@tarsier.cv.nrao.edu
Date: Thu, 1 Jun 1995 09:23:58 +0000 (BST)
In-Reply-To: <m0sGby7-000KjMC@monad.swb.de> from "Olaf Kirch" at May 31, 95 02:49:00 am
[mod: quoting trimmed --okir]
For those who can't afford to shut off the daemon, the following
should work OK. Just edit the ftpd binary (emacs is your friend :-)
and change the unique occurrence of "/bin\0" to something like "/zzz\0"
(in other words, any string of the same length which refers to a
directory which exists neither under / nor under ~ftp). If you're
using emacs, just hit C-s / b i n C-q C-@ to search for the
appropriate place. This should work provided you don't rely on
anything using site exec, but YMMV. Usual disclaimers, of course.
--Malcolm
--
Malcolm Beattie <mbeattie@sable.ox.ac.uk>
Unix Systems Programmer
Oxford University Computing Services
