[3888] in bugtraq


Re: serious security bug in wu-ftpd v2.4

daemon@ATHENA.MIT.EDU (Wietse Venema)
Sun Jan 5 00:07:36 1997

Date: 	Sat, 4 Jan 1997 21:42:58 -0500
Reply-To: Wietse Venema <wietse@porcupine.org>
From: Wietse Venema <wietse@porcupine.org>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To:  <Pine.SUN.3.94.970104122849.29802G-100000@dfw.dfw.net> from
              "Aleph One" at Jan 4, 97 12:30:21 pm

The fix as proposed by the author (specific to the dologout()
function) is probably not sufficient.

There are many places where ftpd temporarily raises its privilege
level and could be tractorbeamed away due to the arrival of a
signal.

Thus, all code fragments that run between seteuid(0) and seteuid(user)
should be considered critical regions. I recommend that all signals
be suspended while ftpd does its critical stuff.

I'm fixing the logdaemon ftpd, which seems to have the same problem.

        Wietse
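
Added example (not part of the original message, and not wu-ftpd or logdaemon code): one way to treat the span between seteuid(0) and seteuid(user) as a critical region by holding all signals pending with sigprocmask(). The names privileged_call, work and signal_deferred are hypothetical, SIGURG is an arbitrary signal chosen for the demo, and the demo passes the current effective uid for both ids so that it runs without root.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

static volatile sig_atomic_t handler_runs;   /* bumped by the handler */

static void on_signal(int sig) { (void)sig; handler_runs++; }

/* Run fn(arg) with effective uid `priv` (0 in ftpd) while every blockable
 * signal is held pending, so no handler can run with privilege raised.
 * Returns fn's result, or -1 if raising privilege failed. */
static int privileged_call(uid_t priv, uid_t user, int (*fn)(void *), void *arg)
{
    sigset_t all, saved;
    int rc = -1;

    sigfillset(&all);                  /* SIGKILL and SIGSTOP stay unblockable */
    if (sigprocmask(SIG_BLOCK, &all, &saved) != 0)
        return -1;
    if (seteuid(priv) == 0) {
        rc = fn(arg);
        if (seteuid(user) != 0)
            _exit(1);                  /* could not drop privilege: stop here */
    }
    sigprocmask(SIG_SETMASK, &saved, NULL);  /* pending signals delivered now */
    return rc;
}

/* Constructed stand-in for privileged work; a signal arrives mid-region. */
static int work(void *arg)
{
    (void)arg;
    raise(SIGURG);                     /* stays pending while blocked */
    return handler_runs;               /* handler runs seen inside the region */
}

/* Returns 1 if the handler ran only after the critical region ended. */
static int signal_deferred(void)
{
    struct sigaction sa = { .sa_handler = on_signal };
    sigemptyset(&sa.sa_mask);
    sigaction(SIGURG, &sa, NULL);
    handler_runs = 0;
    int during = privileged_call(geteuid(), geteuid(), work, NULL);
    return during == 0 && handler_runs == 1;
}

int main(void) { printf("deferred: %d\n", signal_deferred()); return 0; }
```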
