Re: wu-ftpd info.

paulvix.com

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Rob Quinn: "Re: wu-ftpd info."
• Previous message: Perry E. Metzger: "Re: NFS exporting"
• In reply to: Ken Hardy: "Re: wu-ftpd info."
• Next in thread: Rob Quinn: "Re: wu-ftpd info."

> What are the dangers posed by someone gaining root access, as through a
> trojaned ftpd, in a _chrooted_ environment, assuming that the environment
> gets chrooted before there's any chance of compromise?  Granted, you
> don't want strangers enabled to wreak havoc with your ftp heirarchy
> (and planting _more_ trojans), but what kind of threats can be posed
> to the rest of the system from such a toehold?

well, one of the bugs that was fixed permitted (on rare systems, none of
mine and none i know of) the root access before the chroot (!) happened.

however, even after chrooting, if you didn't get chrooted to a device that
is mounted "nosuid,nodev", you can either create setuid executables that
other nonchrooted users can use, or you can make your own /dev entries
(which, once you open them, aren't affected by chroot -- they should be!).

• Next message: Rob Quinn: "Re: wu-ftpd info."
• Previous message: Perry E. Metzger: "Re: NFS exporting"
• In reply to: Ken Hardy: "Re: wu-ftpd info."
• Next in thread: Rob Quinn: "Re: wu-ftpd info."