From nobody  Wed Apr 29 11:22:43 1998
Received: (from nobody@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA29276;
          Wed, 29 Apr 1998 11:22:43 -0700 (PDT)
          (envelope-from nobody)
Message-Id: <199804291822.LAA29276@hub.freebsd.org>
Date: Wed, 29 Apr 1998 11:22:43 -0700 (PDT)
From: mcuratol@berkeleymicro.com
To: freebsd-gnats-submit@freebsd.org
Subject: BSD Bug List Page
X-Send-Pr-Version: www-1.0

>Number:         6457
>Category:       misc
>Synopsis:       BSD Bug List Page
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          support
>Submitter-Id:   current-users
>Arrival-Date:   Wed Apr 29 11:30:01 PDT 1998
>Closed-Date:    Fri Jul 3 01:43:23 PDT 1998
>Last-Modified:  Fri Jul  3 01:46:12 PDT 1998
>Originator:     Melina Curatolo
>Release:        None
>Organization:
>Environment:
>Description:
I ran across this page that lists certain security holes/bugs when
using BSD.  Thought someone over might take a look at the list in
hopes that most of these problems are fixed in future versions.

http://oliver.efri.hr/~crv/security/bugs/BSD/ftpd5.html

I think by far BSD is the least volatile when compared to Solaris
or even Linux.  Keep up the good work!
>How-To-Repeat:

>Fix:

>Release-Note:
>Audit-Trail:

From: David Greenman <dg@root.com>
To: mcuratol@berkeleymicro.com
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: misc/6457: BSD Bug List Page 
Date: Wed, 29 Apr 1998 22:46:43 -0700

 >
 >>Number:         6457
 >>Category:       misc
 >>Synopsis:       BSD Bug List Page
 >>Confidential:   no
 >>Severity:       non-critical
 >>Priority:       low
 >>Responsible:    freebsd-bugs
 >>State:          open
 >>Quarter:
 >>Keywords:
 >>Date-Required:
 >>Class:          support
 >>Submitter-Id:   current-users
 >>Arrival-Date:   Wed Apr 29 11:30:01 PDT 1998
 >>Last-Modified:
 >>Originator:     Melina Curatolo
 >>Organization:
 >>Release:        None
 >>Environment:
 >>Description:
 >I ran across this page that lists certain security holes/bugs when
 >using BSD.  Thought someone over might take a look at the list in
 >hopes that most of these problems are fixed in future versions.
 >
 >http://oliver.efri.hr/~crv/security/bugs/BSD/ftpd5.html
 >
 >I think by far BSD is the least volatile when compared to Solaris
 >or even Linux.  Keep up the good work!
 
    I just looked at that. The example shows sending a sig-11 to the ftp
 client at which point it core dumps. It doesn't mention what was found in
 the core file, but I'd guess that it has the user/password that the user
 had just entered. While it is probably undesirable for that to be put
 into a core file, it has nothing to do with the ftpd server process on
 the remote machine and further, the core file will only be accessible to
 the user who created it. I think it's a bit of a stretch to call this
 a "security hole".
 
 -DG
 
 David Greenman
 Co-founder/Principal Architect, The FreeBSD Project
State-Changed-From-To: open->closed 
State-Changed-By: phk 
State-Changed-When: Fri Jul 3 01:43:23 PDT 1998 
State-Changed-Why:  
Nothing on this list seems like a real security problem to me. 

We apologize for late response to this PR.  
>Unformatted:
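An added example, not part of the original PR or of the FreeBSD ftp client: one way a client that handles a password can keep it out of a core file of the kind discussed in the audit trail, by setting the core-size limit to 0 and wiping the buffer after use. The function names and the sample password are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <sys/resource.h>

/* Set the soft and hard core-file size limits to 0 so that a fatal signal
 * (such as the sig-11 in the report) leaves no core file behind.
 * Returns 0 on success, -1 on failure. */
int disable_core_dumps(void)
{
    struct rlimit rl = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Returns 1 if both core-size limits of this process are 0, else 0. */
int core_dumps_disabled(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        return 0;
    return rl.rlim_cur == 0 && rl.rlim_max == 0;
}

/* Overwrite a secret through a volatile pointer so the stores are kept. */
void wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

/* Hypothetical stand-in for the login step: the password is held in a local
 * buffer only while it is needed, then wiped. Returns the number of non-zero
 * bytes left in the buffer afterwards (0 when the wipe worked). */
size_t login_and_scrub(const char *password)
{
    char secret[64];
    size_t i, left = 0;

    strncpy(secret, password, sizeof(secret) - 1);
    secret[sizeof(secret) - 1] = '\0';
    /* ... the USER/PASS exchange with the server would happen here ... */
    wipe(secret, sizeof(secret));
    for (i = 0; i < sizeof(secret); i++)
        left += (secret[i] != 0);
    return left;
}

int main(void)
{
    if (disable_core_dumps() != 0)
        return 1;
    return login_and_scrub("constructed-sample-password") == 0 ? 0 : 1;
}
```

The wipe covers only the buffer shown; copies left in stdio or terminal input buffers are outside its reach, which is why the limit is set as well.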
