Re: segfault in ftpd

From: Mikko Tyolajarvi (mikko@dynas.se)
Date: 04/24/02

Next message: Garrett Wollman: "Re: segfault in ftpd"
Previous message: Jason Stone: "Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio"
In reply to: Blaz Zupan: "segfault in ftpd"
Next in thread: Garrett Wollman: "Re: segfault in ftpd"
Reply: Garrett Wollman: "Re: segfault in ftpd"
Reply: Blaz Zupan: "Re: segfault in ftpd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 23 Apr 2002 19:53:53 -0700 (PDT)
From: Mikko Tyolajarvi <mikko@dynas.se>
To: blaz@si.FreeBSD.org

In local.freebsd.security you write:

>For some time now I see messages like this in the logs on our webserver:

>pid 36861 (ftpd), uid 29987: exited on signal 11

>This is with the stock ftpd on 4.5-RELEASE-p3 (users use it to upload their
>web pages to it). I compiled ftpd with -g and tried to set it up so that I get
>a coredump. I configured:

> mkdir /var/coredumps
> chmod 1777 /var/coredumps
> sysctl kern.corefile=/var/coredumps/%U.%N.%P.core

>Now I can create a simple program that crashes and the core will be written to
>/var/coredumps. But ftpd simply does not want to create a coredump. As far as
>I can see, /etc/login.conf specifies coredumpsize=unlimited. Is there anything
>else I need to configure or tune to be able to catch a coredump?

Try:

sysctl kern.sugid_coredump=1

If ftpd crashes after user login, then UID != EUID (which is what
makes it such a security problem in the first place -- how often do
you _really_ need to change user in the middle of an ftp session?
It should just switch uid and be done with it, IMHO).

$.02,
/Mikko

-- 
 Mikko Työläjärvi_______________________________________mikko@rsasecurity.com
 RSA Security
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Next message: Garrett Wollman: "Re: segfault in ftpd"
Previous message: Jason Stone: "Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio"
In reply to: Blaz Zupan: "segfault in ftpd"
Next in thread: Garrett Wollman: "Re: segfault in ftpd"
Reply: Garrett Wollman: "Re: segfault in ftpd"
Reply: Blaz Zupan: "Re: segfault in ftpd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

segfault in ftpd
... For some time now I see messages like this in the logs on our webserver: ... This is with the stock ftpd on 4.5-RELEASE-p3 (users use it to upload their ... But ftpd simply does not want to create a coredump. ...
(FreeBSD-Security)
diagnosing FTPD
... From couple of days I see entries in my /var/log/messages ... Currently there are about 200 connections and all is ok - ftpd is ... no coredump or big load. ... My assumptions is that hosts open too many connections and on closing ...
(freebsd-questions)
Re: Secure Servers (SMTP, POP3, FTP)
... ftpd - Dodgy security? ... FreeBSD's ftpd has one of the best track records of all ftp servers. ... The last known security problem was several years ago, ...
(FreeBSD-Security)