On Sun, 2008-03-09 at 03:50 -0400, Adam McDougall wrote: > Mar 8 17:02:17 boomhauer dovecot: auth-worker(default): BUG: PASSV had > missing parameters
Thanks, I kept trying to figure out what caused this and then started wondering about password escaping and found the security hole. I still hadn't figured out what caused this though, until I realized that passwords can have linefeeds as well which can cause this. > Mar 8 17:05:17 boomhauer dovecot: child 72819 (login) killed with signal 11 This still shouldn't happen though. I didn't try to reproduce this yet. It's anyway quite difficult to get core dumps out of login processes. I'm not sure if FreeBSD lets you do that in some special way, but there are at least two things in the way: 1. Kernel thinks it's a setuid program, and setuid programs don't core dump. 2. It's chrooted to a non-writable directory.
signature.asc
Description: This is a digitally signed message part
