From owner-doc-jp@jp.freebsd.org  Fri Jul 14 02:17:48 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id CAA19430;
	Fri, 14 Jul 2000 02:17:48 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from sv01.geocities.co.jp (sv01.geocities.co.jp [210.153.89.155])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id CAA19398
	for <doc-jp@jp.freebsd.org>; Fri, 14 Jul 2000 02:17:47 +0900 (JST)
	(envelope-from hrs@geocities.co.jp)
Received: from mail.geocities.co.jp (mail.geocities.co.jp [210.153.89.137]) by sv01.geocities.co.jp (8.9.3+3.2W/3.7W) with ESMTP id CAA23226 for <doc-jp@jp.freebsd.org>; Fri, 14 Jul 2000 02:17:46 +0900 (JST)
Received: from mail.hrs.jp (sutnmax2-ppp37.ed.noda.sut.ac.jp [133.31.173.107]) by mail.geocities.co.jp (1.3G-GeocitiesJ-3.3) with ESMTP id CAA17097 for <doc-jp@jp.freebsd.org>; Fri, 14 Jul 2000 02:17:45 +0900 (JST)
Message-Id: <200007131717.CAA17097@mail.geocities.co.jp>
Received: from localhost (alph.hrs.jp [192.168.0.10])
	by mail.hrs.jp (8.9.3/3.7W/DomainMaster) with ESMTP id BAA12200
	for <doc-jp@jp.freebsd.org>; Fri, 14 Jul 2000 01:51:20 +0900 (JST)
	(envelope-from hrs@hrs.jp)
To: doc-jp@jp.freebsd.org
In-Reply-To: <20000710144839.18907.qmail@smtp.246.ne.jp>
References: <20000705230239.8E2CF37B8B6@hub.freebsd.org>
	<20000710144839.18907.qmail@smtp.246.ne.jp>
X-Mailer: Mew version 1.94.1 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Date: Fri, 14 Jul 2000 01:51:19 +0900
From: Hiroki Sato <hrs@geocities.co.jp>
X-Dispatcher: imput version 990905(IM130)
Lines: 49
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: doc-jp 7554
Subject: [doc-jp 7554] Re: ANNOUNCE: FreeBSD Security Advisory:
 FreeBSD-SA-00:24.libedit
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: hrs@geocities.co.jp

Sato at Tokyo University of Science here.

Koga Youichirou <y-koga@jp.freebsd.org> wrote
 in <20000710144839.18907.qmail@smtp.246.ne.jp>:

> libedit incorrectly reads an ".editrc" file in the current directory
> if it exists, in order to specify configurable program
> behaviour. However it does not check for ownership of the file, so an
> attacker can cause a libedit application to execute arbitrary key
> rebindings and exercise terminal capabilities by creating an .editrc
> file in a directory from which another user executes a libedit binary
> (e.g. root running ftp(1) from /tmp). This can be used to fool the
> user into unknowingly executing program commands which may compromise
> system security. For example, ftp(1) includes the ability to escape to
> a shell and execute a command, which can be done under libedit
> control.
>
> libedit $B$O!"%+%l%s%H%G%#%l%/%H%j$K(B .editrc $B%U%!%$%k$,B8:_$9$k>l9g!"(B
> $B$3$l$rITE,@Z$KFI$_9~$s$G!"(Bconfigurable $B$J%W%m%0%i%`$NF0:n$r;XDj$7$F$7(B
> $B$^$$$^$9!#(B.editrc $B%U%!%$%k$N%*!<%J$r3NG'$7$J$$$N$G!"(Blibedit $B$r;HMQ$7$F(B
> $B$$$k%W%m%0%i%`$rB>$N%f!<%6$,<B9T$9$k%G%#%l%/%H%j$K(B .editrc $B%U%!%$%k$r(B
> $BMQ0U$9$k$3$H$G!"$=$N%W%m%0%i%`$G;HMQ$9$k%-!<%P%$%s%I$r:F@_Dj$5$;$?$j!"(B
> $BC<Kv$N(B capabilities $B$r(B exercise $B$9$k$h$&$J967b$,2DG=$G$9(B ($BNc(B. /tmp 
> $B%G%#%l%/%H%j$G(B root $B$,(B ftp(1) $B$r<B9T$9$k(B)$B!#$3$N967b$K$h$j!"%W%m%0%i%`(B
> $B$N%3%^%s%I$r<B9T$9$k%f!<%6$,Lu$NJ,$+$i$J$$>uBV$K$J$j!"%;%-%e%j%F%#>e(B
> $BLdBj$H$J$j$^$9!#$?$H$($P!"(Bftp(1) $B$O%7%'%k$K%(%9%1!<%W$9$k$7$F%3%^%s%I(B
> $B$r<B9T$9$k$3$H$,$G$-$^$9$,!"$3$l$O(B libedit $B$N%3%s%H%m!<%kG[2<$G<B9T$5(B
> $B$l$^$9!#(B

 |When an .editrc file exists in the current directory, libedit
 |mistakenly reads it and configures the program's behaviour from it.
 |Moreover, libedit does not check the owner of .editrc when doing so.
 |Therefore, when another user runs a binary linked with libedit in
 |some directory (for example, root running ftp(1) from /tmp), an
 |attacker who has created an .editrc file in advance in the directory
 |where it is run can arbitrarily rebind that user's keys or change
 |the terminal's capabilities.
 |This could be used to induce a situation in which another user
 |unknowingly runs a program that compromises the security of the
 |system.  For example, ftp(1) has a facility to invoke a shell and
 |execute a command, and this is implemented by libedit.

--
| $B:4F#(B $B9-@8!wEl5~M}2JBg3X(B <hrs@geocities.co.jp>
|
|                                     j7397067@ed.noda.sut.ac.jp(UNIV)
|                                sato@sekine00.ee.noda.sut.ac.jp(UNIV)
|                                     hrs@FreeBSD.org(FreeBSD Project)
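The advisory's core point is a configuration file read from the current
directory with no check of who owns it. The following is an added example
written for this page, not libedit's code and not the fix shipped with
FreeBSD-SA-00:24: it shows the kind of check a program should apply before
trusting an rc file, and a constructed scenario (three files in a private
temp directory) that exercises it. The function names `trusted_rc_fd`,
`make_file` and `demo`, the trust policy (regular file, owned by the
expected uid, not group/other-writable, no symlinks), and the sample
file contents are all assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example (not libedit's code). Open an rc file only if its contents
 * can be trusted:
 *  - open with O_NOFOLLOW, so a symlink planted by someone else is refused,
 *  - fstat the descriptor rather than stat the path, so the check and the
 *    later read refer to the same inode (no check-then-open race),
 *  - require a regular file, owned by the expected uid, and not writable
 *    by group or others.
 * Returns an open read-only descriptor, or -1 with errno set if untrusted. */
int trusted_rc_fd(const char *path, uid_t owner)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NOCTTY);
    if (fd < 0)
        return -1;

    struct stat st;
    if (fstat(fd, &st) != 0) {
        close(fd);
        return -1;
    }
    int ok = S_ISREG(st.st_mode)
          && st.st_uid == owner
          && (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
    if (!ok) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Helper for the constructed scenario: create a file with explicit
 * permission bits (set via fchmod, so the caller's umask is irrelevant). */
static int make_file(const char *path, mode_t mode, const char *text)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    size_t len = strlen(text);
    int rc = (write(fd, text, len) == (ssize_t)len && fchmod(fd, mode) == 0) ? 0 : -1;
    close(fd);
    return rc;
}

/* Constructed scenario in a fresh temp dir: a 0600 file we own (the only
 * one that should be accepted), a world-writable copy (what an attacker
 * can leave in a shared directory such as /tmp), and a symlink to the
 * good file. Returns a bitmask: bit 0 = good accepted, bit 1 = loose
 * accepted, bit 2 = symlink accepted; -1 on setup failure. Expected: 1. */
int demo(void)
{
    char dir[] = "/tmp/editrc-demo.XXXXXX";
    if (mkdtemp(dir) == NULL)
        return -1;
    char good[256], loose[256], lnk[256];
    snprintf(good,  sizeof good,  "%s/good.editrc",  dir);
    snprintf(loose, sizeof loose, "%s/loose.editrc", dir);
    snprintf(lnk,   sizeof lnk,   "%s/link.editrc",  dir);

    int result = -1;
    if (make_file(good, 0600, "bind -v\n") == 0
        && make_file(loose, 0666, "bind -v\n") == 0
        && symlink(good, lnk) == 0) {
        result = 0;
        const char *paths[3] = { good, loose, lnk };
        for (int i = 0; i < 3; i++) {
            int fd = trusted_rc_fd(paths[i], geteuid());
            if (fd >= 0) {
                result |= 1 << i;
                close(fd);
            }
        }
    }
    unlink(lnk); unlink(loose); unlink(good); rmdir(dir);
    return result;
}

int main(void)
{
    int r = demo();
    printf("demo bitmask = %d (1 means only the owned 0600 file was trusted)\n", r);
    return r == 1 ? 0 : 1;
}
```

The ownership and mode test is the minimum; the stronger fix for the
advisory's scenario is to never look in the current directory at all and
read the rc file only from a path rooted in the user's home directory,
then apply a check like the one above to that file.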
