The debian-private mailing list leak, part 1.


forwarded message from Elliot Lee



Is this bug present in our wu-ftpd?

------- start of forwarded message (RFC 934 encapsulation) -------
Article: 851 of chiark.mail.linux-security
Content-Type: TEXT/PLAIN; charset=US-ASCII
In-Reply-To: <Pine.LNX.3.95.960821094915.8693A-100000@fbn.globalent.net>
MIME-Version: 1.0
Message-ID: <Pine.LNX.3.95.960821100212.15615J-100000@dilbert.redhat.com>
Newsgroups: chiark.mail.linux-security
Path: ewrotcd!mail-to-news!not-for-mail
Precedence: list
Received-001: from artemis.chu.cam.ac.uk ([131.111.131.1]) by chiark.chu.cam.ac.uk
	 with smtp id m0utW4m-0004OAC
	(Debian /\oo/\ Smail3.1.29.1 #29.35); Thu, 22 Aug 96 10:29 BST
Received-002: from gate.insite.co.uk ([193.123.212.10]) by artemis.chu.cam.ac.uk
	 with smtp (ident root using rfc1413) id m0utUzI-0002gAC
	(Debian /\oo/\ Smail3.1.29.1 #29.37); Thu, 22 Aug 96 09:19 BST
Received-003: from marmoset.cv.nrao.edu (root@marmoset.cv.nrao.edu [192.33.115.176]) by gate.insite.co.uk (8.6.9/8.6.12) with ESMTP id HAA01782; Thu, 22 Aug 1996 07:27:40 GMT
Received-004: from tarsier.cv.nrao.edu (majdom@tarsier.cv.nrao.edu [192.33.115.50]) by marmoset.cv.nrao.edu (8.6.12/$Revision: 3.23 $) with ESMTP id BAA28348; Thu, 22 Aug 1996 01:56:19 -0400
Received-005: (from majdom@localhost) by tarsier.cv.nrao.edu (8.6.13/$Revision: 2.10 $) id BAA06778; Thu, 22 Aug 1996 01:56:16 -0400
References: <Pine.LNX.3.95.960821094915.8693A-100000@fbn.globalent.net>
Return-Path: <owner-linux-security@tarsier.cv.nrao.edu>
X-Authentication-Warning: dilbert.redhat.com: sopwith owned process doing -bs
X-Original-Date: Wed, 21 Aug 1996 10:05:52 -0400 (EDT)
X-Original-From_: owner-linux-security@tarsier.cv.nrao.edu Thu Aug 22 10:29:21 1996
Lines: 59
From: Elliot Lee <sopwith@redhat.com>
Sender: owner-linux-security@tarsier.cv.nrao.edu
To: Roscinante <rosc@fbn.globalent.net>
cc: linux-security@tarsier.cv.nrao.edu
Subject: [linux-security] Re: Anon ftp pkg?
Date: Thu, 22 Aug 1996 10:47:40 GMT

On Wed, 21 Aug 1996, Roscinante wrote:

> Does the updated anonftp pkg have a fixed version of tar?

Yes, that's all that changed :-)

> I've been trying all night to get rpm working on my slack system, am I
> wasting my time (someone told me all that's in the updated anonftp pkg is
> a config script)?

No.

>  Are there options in tar that should be disabled at compile time?
> What options are exploitable? Please cc me directly.

I have attached a patch to tar that you can compile tar with to fix it.

Hope this helps,
 --==== Elliot Lee = <sopwith@redhat.com> == Red Hat Software ====--
"Usenet is like a herd of performing elephants with diarrhea; massive,
 difficult to redirect, awe-inspiring, entertaining, and a source of
 mind-boggling amounts of excrement when you least expect it."

- --- tar-1.11.8/src/tar.c.sopwith	Sat Jun 17 16:48:32 1995
+++ tar-1.11.8/src/tar.c	Mon Aug 19 12:19:16 1996
@@ -22,6 +22,8 @@
 
 #include "system.h"
 
+#include <syslog.h>
+
 #ifndef FNM_LEADING_DIR
 # include <fnmatch.h>
 #endif
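
Review bot: The #include <syslog.h> added after #include "system.h" is unconditional, unlike the guarded <fnmatch.h> include directly below it, so tar.c now requires syslog on every platform it is built for. The logging only matters for the copy of tar used for anonymous FTP, so put this include and the syslog call sites under one build-time macro and leave the stock build unchanged.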
@@ -1202,14 +1204,19 @@
 	break;
 
       case OPTION_COMPRESS_PROG:
- -	if (flag_compressprog)
- -	  ERROR ((TAREXIT_FAILURE, 0,
- -		  _("Only one compression option permitted")));
- -	flag_compressprog = optarg;
+	openlog("ftp tar", 0, LOG_DAEMON);
+	syslog(LOG_WARNING,"Attempt to run tar via FTP with compress command %s",
+		optarg);
+	closelog();
+	flag_compressprog = NULL;
 	break;
 
       case OPTION_RSH_COMMAND:
- -	flag_rsh_command = optarg;
+	openlog("ftp tar", 0, LOG_DAEMON);
+	syslog(LOG_WARNING,"Attempt to run tar via FTP with rsh command %s",
+		optarg);
+	closelog();
+	flag_rsh_command = NULL;
 	break;
 
       case 'g':
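
Review bot: In both the OPTION_COMPRESS_PROG and OPTION_RSH_COMMAND cases the option is logged, the flag is set to NULL and option parsing continues, so tar goes on to carry out the request as if the option had never been given; after the syslog call it would be safer to fail the invocation, for example with the same ERROR ((TAREXIT_FAILURE, 0, ...)) form the removed lines used. The rejection is also unconditional while the log text says "via FTP", so a binary built with this patch refuses the two options for every caller and should either be installed only in the FTP area or have the new code compiled in conditionally. optarg comes from the remote user and is logged without a length bound; the constant format string is correct, but a precision such as %.200s would cap the line. A short comment in each case stating that the option is deliberately disabled would explain why the "Only one compression option permitted" check was dropped.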

------- end -------