through it by executing a setuid program while using the server
SCCS-vsn: libexec/ftpd/ftpd.c 4.5
-static char sccsid[] = "@(#)ftpd.c 4.4 (Berkeley) 83/01/15";
+static char sccsid[] = "@(#)ftpd.c 4.5 (Berkeley) 83/01/16";
if (fork())
exit(0);
for (s = 0; s < 10; s++)
if (fork())
exit(0);
for (s = 0; s < 10; s++)
- if (s != 2 && debug) /* don't screw stderr */
- (void) close(s);
(void) open("/dev/null", 0);
(void) dup2(0, 1);
{ int tt = open("/dev/tty", 2);
(void) open("/dev/null", 0);
(void) dup2(0, 1);
{ int tt = open("/dev/tty", 2);
int (*closefunc)();
if (cmd == 0) {
int (*closefunc)();
if (cmd == 0) {
+#ifdef notdef
+ /* no remote command execution -- it's a security hole */
if (*name == '!')
fin = popen(name + 1, "r"), closefunc = pclose;
else
if (*name == '!')
fin = popen(name + 1, "r"), closefunc = pclose;
else
fin = fopen(name, "r"), closefunc = fclose;
} else {
char line[BUFSIZ];
fin = fopen(name, "r"), closefunc = fclose;
} else {
char line[BUFSIZ];
FILE *fout, *din;
int (*closefunc)(), dochown = 0;
FILE *fout, *din;
int (*closefunc)(), dochown = 0;
+#ifdef notdef
+ /* no remote command execution -- it's a security hole */
if (name[0] == '!')
fout = popen(&name[1], "w"), closefunc = pclose;
if (name[0] == '!')
fout = popen(&name[1], "w"), closefunc = pclose;
struct stat st;
if (stat(name, &st) < 0)
struct stat st;
if (stat(name, &st) < 0)