Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1994_2

Bugtraq archives for 2nd quarter (Apr-Jun) 1994: Re: wu-ftpd info.

Re: wu-ftpd info.

Rob Quinn (rjqphys.ksu.edu)
Wed, 13 Apr 1994 13:12:38 -0500 (CDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Gene Spafford: "Re: wu-ftpd info."
Previous message: Paul A Vixie: "Re: wu-ftpd info."
In reply to: Ken Hardy: "Re: wu-ftpd info."
Next in thread: Gene Spafford: "Re: wu-ftpd info."

>What are the dangers posed by someone gaining root access, as through a
>trojaned ftpd, in a _chrooted_ environment, assuming that the environment
>gets chrooted before there's any chance of compromise?  Granted, you
>don't want strangers enabled to wreak havoc with your ftp heirarchy
>(and planting _more_ trojans), but what kind of threats can be posed
>to the rest of the system from such a toehold?

 Assuming they can put some program there and run it as root, they could get
access to things that aren't restricted in a chroot environment, like:
	privileged sockets on the local machine
	device file creation(?)
	create a setuid sh that a normal user (not chroot'ed) could use
	kill() any process (and then replace it) ie. telnetd or login.
 etc etc


-- 
| let's all be different                                                   |
| just like me                                                   Rob Quinn |
|                                                         rjqphys.ksu.edu |
|                                                    QuinnBobKSUVM.BITNET |

Next message: Gene Spafford: "Re: wu-ftpd info."
Previous message: Paul A Vixie: "Re: wu-ftpd info."
In reply to: Ken Hardy: "Re: wu-ftpd info."
Next in thread: Gene Spafford: "Re: wu-ftpd info."