tech-security: Re: NetBSD Security Advisory 2004-009: ftpd root escalation

Subject: Re: NetBSD Security Advisory 2004-009: ftpd root escalation
To: NetBSD Security-Officer <security-officer@netbsd.org>
From: Gilbert Fernandes <gilbertf@netbsd-fr.org>
List: tech-security
Date: 08/17/2004 23:55:48

On Tue, Aug 17, 2004 at 01:48:16PM -0400, NetBSD Security-Officer wrote:

> 	To update from CVS, re-build, and re-install ftpd:
> 		# cd src
                     ^^

                  cd /usr


> 		# cvs update -d -P src/libexec/ftpd
> 		# cd src/libexec/ftpd
> 
> 		# make USETOOLS=no cleandir dependall
> 		# make USETOOLS=no install

no ?

just upgraded my ftpd and commands do work fine
only if a cd /usr is done instead of the cd src
when you're in /usr as the cvs update is defined
from src/libexec/ftpd and thus assumes you are
in /usr and not /usr/src

-- 
Gilbert Fernandes