[Dovecot] 1.1r1: auth-worker(default): BUG: PASSV had missing parameters, sig11

Adam McDougall mcdouga9 at egr.msu.edu
Sun Mar 9 17:48:34 EET 2008


Timo Sirainen wrote:
> On Sun, 2008-03-09 at 03:50 -0400, Adam McDougall wrote:
>
>   
>> Mar  8 17:02:17 boomhauer dovecot: auth-worker(default): BUG: PASSV had
>> missing parameters   
>>     
>
> Thanks, I kept trying to figure out what caused this and then started
> wondering about password escaping and found the security hole. I still
> hadn't figured out what caused this though, until I realized that
> passwords can have linefeeds as well which can cause this.
>
>   
>> Mar  8 17:05:17 boomhauer dovecot: child 72819 (login) killed with signal 11
>>     
>
> This still shouldn't happen though. I didn't try to reproduce this yet.
>
> It's anyway quite difficult to get core dumps out of login processes.
> I'm not sure if FreeBSD lets you do that in some special way, but there
> are at least two things in the way:
>
> 1. Kernel thinks it's a setuid program, and setuid programs don't core
> dump.
>
> 2. It's chrooted to a non-writable directory.
>
>   
1. I could enable this:
# sysctl -d kern.sugid_coredump
kern.sugid_coredump: Enable coredumping set user/group ID processes


2. And add an absolute path in front of this that is world writable:
# sysctl kern.corefile
kern.corefile: %N.%P.boomhauer.core


Can you think of a way that I could force the issue to be reproduced
so I can get away with making these changes on fewer servers?
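
The effect described in the quoted reply above (a linefeed in a password leaving a command with missing parameters), as an added example that is not part of the original post and is not Dovecot's code. The tab-separated field layout, the function names and the `\001` escaping scheme are assumptions made for illustration.

```c
#include <stdio.h>

#define EXPECTED_FIELDS 4 /* constructed format: command, user, password, service */

/* Receiver: count tab-separated fields in the first LF-terminated line. */
int first_line_fields(const char *msg)
{
    int fields = 1;
    for (; *msg != '\0' && *msg != '\n'; msg++)
        if (*msg == '\t')
            fields++;
    return fields;
}

/* Escape bytes that carry protocol meaning; returns -1 if dst is too small. */
int escape_field(char *dst, size_t n, const char *src)
{
    size_t o = 0;
    if (n == 0)
        return -1;
    for (; *src != '\0'; src++) {
        char code = *src == '\001' ? '1' : *src == '\t' ? 't' :
                    *src == '\n' ? 'n' : *src == '\r' ? 'r' : 0;
        if (o + 3 > n)          /* room for two bytes plus the NUL */
            return -1;
        if (code != 0) {
            dst[o++] = '\001';  /* escape marker, then a printable code */
            dst[o++] = code;
        } else {
            dst[o++] = *src;
        }
    }
    dst[o] = '\0';
    return 0;
}

/* Sender: build one command line; returns 1 if the receiver would see all fields. */
int receiver_accepts(const char *user, const char *pass, int escape)
{
    char esc[256], cmd[512];
    if (escape) {
        if (escape_field(esc, sizeof(esc), pass) != 0)
            return 0;
        pass = esc;
    }
    int len = snprintf(cmd, sizeof(cmd), "PASSV\t%s\t%s\tservice=imap\n", user, pass);
    if (len < 0 || (size_t)len >= sizeof(cmd))
        return 0;
    return first_line_fields(cmd) == EXPECTED_FIELDS;
}
```

Without escaping, the receiver's first line ends at the linefeed inside the password and carries three fields instead of four; with escaping, the password stays inside its own field.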

