Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1994_2

Bugtraq archives for 2nd quarter (Apr-Jun) 1994: Re: wu-ftpd info.

Re: wu-ftpd info.

jddcdf.toronto.edu
Wed, 13 Apr 1994 13:06:48 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Perry E. Metzger: "Re: NFS exporting"
Previous message: Scott D. Yelich: "NFS exporting"
In reply to: Ken Hardy: "Re: wu-ftpd info."
Next in thread: Paul A Vixie: "Re: wu-ftpd info."

In message <9404131412.AA01024racerx> you write:
>

>What are the dangers posed by someone gaining root access, as through
>a trojaned ftpd, in a _chrooted_ environment, assuming that the
>environment gets chrooted before there's any chance of compromise?

Easy. Here's one way. Copy /bin/sh (from another machine, if
necessary) to somewhere in the chrooted tree. Make it setuid root. Log
in as another account (not chrooted), eg. guest (or a password-cracked
account). Run the setuid /chrooted_tree/bin/sh. Bingo: root.

John
--
John DiMarco                                              jddcdf.toronto.edu
Computing Disciplines Facility Systems Manager            jddcdf.utoronto.ca
University of Toronto

Next message: Perry E. Metzger: "Re: NFS exporting"
Previous message: Scott D. Yelich: "NFS exporting"
In reply to: Ken Hardy: "Re: wu-ftpd info."
Next in thread: Paul A Vixie: "Re: wu-ftpd info."