Re: wu-ftpd info.
smb
research.att.com
Wed, 13 Apr 94 12:01:40 EDT
- Next message: Scott D. Yelich: "NFS exporting"
- Previous message: William McVey: "Re: wu-ftpd info."
- Maybe in reply to: Christopher Klaus: "wu-ftpd info."
- Next in thread: der Mouse: "Re: wu-ftpd info."
What are the dangers posed by someone gaining root access, as
through a trojaned ftpd, in a _chrooted_ environment, assuming
that the environment gets chrooted before there's any chance
of compromise? Granted, you don't want strangers enabled to
wreak havoc with your ftp hierarchy (and planting _more_
trojans), but what kind of threats can be posed to the rest of
the system from such a toehold?

The answer comes from observing that chroot() provides the process
with a different file name space, but it does not isolate it from
other attributes of the machine. For example, the machine's network
identity remains the same. How about this:
    ypcat passwd
This will get the real passwd file -- with all that implies.
The chroot area also shares the same bdevsw space; thus, root can do
    mknod ~ftp/sd0a b 7 0
or equivalent.
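
Added example (not part of the original message): a defender-side audit for the shared device namespace described above. It walks a chroot tree, reports any block or character device nodes outside an allowlist, and checks whether the filesystem is mounted nodev; the function names and the allowlist parameter are assumptions of this example.

```python
import os
import stat
import sys

def classify(mode, rdev):
    """Return (kind, major, minor) for a device node, or None for anything else."""
    if stat.S_ISBLK(mode):
        kind = "block"
    elif stat.S_ISCHR(mode):
        kind = "char"
    else:
        return None
    return (kind, os.major(rdev), os.minor(rdev))

def nodev_mounted(path):
    """True if the filesystem holding path is mounted nodev (statvfs flag)."""
    flag = getattr(os, "ST_NODEV", 0)  # not defined on every platform
    return bool(flag and os.statvfs(path).f_flag & flag)

def audit(root, allowed=()):
    """Walk a chroot tree and list device nodes not named in `allowed`.

    `allowed` holds paths relative to root (e.g. "dev/null"). Symlinks are
    not followed, so a link pointing outside the tree is never traversed.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:  # device nodes are listed as non-directories
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)
            except OSError:
                continue  # entry vanished between listing and stat
            dev = classify(st.st_mode, st.st_rdev)
            rel = os.path.relpath(full, root)
            if dev and rel not in allowed:
                findings.append((rel,) + dev)
    return sorted(findings)

if __name__ == "__main__":
    # Hypothetical usage: python audit_chroot.py /home/ftp
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    print("nodev mount:", nodev_mounted(root))
    for rel, kind, major, minor in audit(root):
        print(f"{kind} device {major},{minor} at {rel}")
```

A nodev mount makes the kernel refuse to open device nodes on that filesystem, so a node created there by a compromised root process is inert; the audit catches nodes on filesystems mounted without it.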