[3484] in bugtraq
Re: ftpd bug? Was: bin/1805: Bug in ftpd
daemon@ATHENA.MIT.EDU (Jonny Llama)
Wed Oct 16 22:24:31 1996
Date: Wed, 16 Oct 1996 21:51:55 -0400
Reply-To: Jonny Llama <llama@randomc.com>
From: Jonny Llama <llama@randomc.com>
X-To: dills@husc.harvard.edu
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <Pine.OSF.3.95.961016140949.3676A-100000@fas.harvard.edu> from
"Andrew Dills" at Oct 16, 96 02:11:02 pm
>
> On Wed, 16 Oct 1996 gamble@dxcoms.cern.ch wrote:
>>[failed 4.1.1 exploit attempt]
>
> Do you have core dumps turned off?
>
> I forget where it is in 4.1.1, but under Solaris you can a line in
> /etc/system to set coredump size.
for 4.X it's rather straight forward, just uncomment the savecore junk in
/etc/rc.local and make sure all the paths/etc are correct. My 4.1.1 is
off in the corner making funny noises so I can't confirm that, but I'm
pretty sure. As for Solaris 2.x, I think the /etc/system dumpfile jank
is only for 2.5 and up.. never done it on =<2.4 so I couldn't tell you.
>
> Set it to 0, and you can avoid these problems.
>
This is a really ugly bandaid, by the way. Why stop there, when we could
take symlinks out the the kernel / filesystem [1] and avoid all those
other security problems.
> Andy
>
[1] Or wherever the fuck symlinks are, I'm a hardware guy.
