Xref: utzoo comp.bugs.4bsd:1084 comp.unix.wizards:12525
Path: utzoo!attcan!uunet!seismo!sundc!pitstop!sun!amdcad!ames!ncar!boulder!sunybcs!bingvaxu!leah!rds95
From: rds95@leah.Albany.Edu (Robert Seals)
Newsgroups: comp.bugs.4bsd,comp.unix.wizards
Subject: Re: ftpd security bug revisited: patches for 4.2bsd
Summary: My hacks for Ultrix
Keywords: ftpd, unix, bug, 4.2bsd, security
Message-ID: <1270@leah.Albany.Edu>
Date: 17 Nov 88 16:01:15 GMT
References: <565@comdesign.CDI.COM>
Organization: The University at Albany, Computer Services Center
Lines: 20

In article <565@comdesign.CDI.COM>, pst@comdesign.cdi.com (Paul Traina) writes:
> UCB was kind enough to supply source code for all of ftpd,  however it
> was for 4.3bsd.  I think I've patched the ftpd source for 4.2 compatibility,
> but I'd like to make sure that I didn't do anything stupid.  If there's

Ditto, except for Ultrix 1.2 and 2.2 (they involved the same changes).

> 	popen:		uid_t doesn't exist in 4.2 sys/types, looked like it
> 			  should be sizeof() return of vfork (size of a pid),
> 			  so I typedef'ed to int.

I peeked at 4.3's sys/types.h, and it claimed u_short, so I put it in mine,
too.

The resulting thing seems to work. Is it more secure than the old version?
Beats me!! Does it REALLY work? Beats me!!

> Paul Traina				To believe that what is true for

rob