Date: Thu, 13 Jul 2000 20:58:18 +0900
Message-ID: <7mvgyamecl.wl@waterblue.imgsrc.co.jp>
From: Jun Kuriyama <kuriyama@FreeBSD.org>
To: doc-jp@jp.freebsd.org
In-Reply-To: In your message of "10 Jul 2000 14:48:54 GMT"
	<20000710144839.18907.qmail@smtp.246.ne.jp>
References: <20000705230239.8E2CF37B8B6@hub.freebsd.org>
	<20000710144839.18907.qmail@smtp.246.ne.jp>
Subject: [doc-jp 7541] Re: ANNOUNCE: FreeBSD Security Advisory: FreeBSD-SA-00:24.libedit

At 10 Jul 2000 14:48:54 GMT,
koga@jp wrote:
> libedit is a library of routines for providing command editing and
> history retrieval for interactive command-oriented programs.
> 
> libedit $B$O!"BPOCE*$J%3%^%s%I;X8~%W%m%0%i%`MQ$K!"%3%^%s%IJT=8$d%R%9%H%j(B
> $B$N3MF@5!G=$rDs6!$9$k%i%$%V%i%j$G$9!#(B

A free translation would be 「入力行の編集やヒストリ機能」 ("input-line editing
and history functions"), I think. That is roughly how man editline(3) puts it.

> libedit incorrectly reads an ".editrc" file in the current directory
> if it exists, in order to specify configurable program
> behaviour. However it does not check for ownership of the file, so an
> attacker can cause a libedit application to execute arbitrary key
> rebindings and exercise terminal capabilities by creating an .editrc
> file in a directory from which another user executes a libedit binary
> (e.g. root running ftp(1) from /tmp). This can be used to fool the
> user into unknowingly executing program commands which may compromise
> system security. For example, ftp(1) includes the ability to escape to
> a shell and execute a command, which can be done under libedit
> control.
> 
> libedit $B$O!"%+%l%s%H%G%#%l%/%H%j$K(B .editrc $B%U%!%$%k$,B8:_$9$k>l9g!"(B
> $B$3$l$rITE,@Z$KFI$_9~$s$G!"(Bconfigurable $B$J%W%m%0%i%`$NF0:n$r;XDj$7$F$7(B
> $B$^$$$^$9!#(B

If anything, I prefer 「プログラムの動作設定の指定を不適切に読み込んでしまい
ます。」 ("it improperly reads the specification of the program's behaviour
settings").

> .editrc $B%U%!%$%k$N%*!<%J$r3NG'$7$J$$$N$G!"(Blibedit $B$r;HMQ$7$F(B
> $B$$$k%W%m%0%i%`$rB>$N%f!<%6$,<B9T$9$k%G%#%l%/%H%j$K(B .editrc $B%U%!%$%k$r(B
> $BMQ0U$9$k$3$H$G!"$=$N%W%m%0%i%`$G;HMQ$9$k%-!<%P%$%s%I$r:F@_Dj$5$;$?$j!"(B
> $BC<Kv$N(B capabilities $B$r(B exercise $B$9$k$h$&$J967b$,2DG=$G$9(B ($BNc(B. /tmp 
> $B%G%#%l%/%H%j$G(B root $B$,(B ftp(1) $B$r<B9T$9$k(B)$B!#(B

Hard to follow, but I can't think of an alternative.
「端末の capabilities に影響をおよぼすような攻撃が可能です」 ("attacks that
affect the terminal's capabilities are possible")

> この攻撃により、プログラム
> のコマンドを実行するユーザが訳の分からない状態になり、セキュリティ上
> 問題となります。たとえば、ftp(1) はシェルにエスケープするしてコマンド
> を実行することができますが、これは libedit のコントロール配下で実行さ
> れます。

「するして」→「して」


-- 
Jun Kuriyama <kuriyama@FreeBSD.org> // FreeBSD Project
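
The ownership check that the quoted advisory says is missing, as an added C example that is not part of the original message and is not libedit's code or the FreeBSD fix. `open_trusted_rc` and `demo_check` are hypothetical names, the temporary file is constructed for the demonstration, and the symlink and group/world-write checks go slightly beyond the ownership test the advisory names.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not libedit API): open an rc file only if it is a
 * regular file owned by `owner` and not writable by group or others.
 * Returns an open descriptor, or -1 if the file must not be trusted. */
int open_trusted_rc(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW refuses a planted symlink; O_NONBLOCK avoids hanging on a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;
    /* fstat() on the descriptor inspects the file that was actually opened,
     * so it cannot be swapped between the check and the read. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner || (st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed test case: create a temp file with `mode`, then ask whether it
 * would be trusted for uid geteuid() + uid_offset.
 * Returns 1 if accepted, 0 if rejected, -1 if the temp file could not be made. */
int demo_check(mode_t mode, uid_t uid_offset)
{
    char path[] = "/tmp/editrc-demo-XXXXXX";
    int tmp = mkstemp(path);
    if (tmp < 0) return -1;
    fchmod(tmp, mode);
    close(tmp);
    int fd = open_trusted_rc(path, geteuid() + uid_offset);
    if (fd >= 0)
        close(fd);
    unlink(path);
    return fd >= 0;
}

int main(void)
{
    printf("0600 own=%d  0666 own=%d  0600 other=%d\n",
           demo_check(0600, 0), demo_check(0666, 0), demo_check(0600, 1));
    return 0;
}
```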
