Re: wu-ftpd info.
Gene Spafford (spaf cs.purdue.edu)
Wed, 13 Apr 94 13:28:44 -0500
- Next message: Marc W. Mengel: "Re: wu-ftpd info."
- Previous message: Rob Quinn: "Re: wu-ftpd info."
- In reply to: Ken Hardy: "Re: wu-ftpd info."
- Next in thread: Marc W. Mengel: "Re: wu-ftpd info."
Principal problem is that the chrooted environment is only for anonymous ftp. If I ftp in to a user account, it lets me do that and it does *not* chroot the directory. The hazards should be obvious.

Add to that the fact that even in a chrooted directory under anonymous ftp, getting on as a privileged user can be dangerous -- the files are accessible from the regular file systems (e.g., user accounts). For instance:

    attacker uses ftp to create suid-root shell in ftp directory
    attacker logs in as user foo (bin, uucp, etc) and executes suid shell from ftp directory
    attacker romps

--spaf
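A defender-side check for the condition described in the message above, as an added example that is not part of the original post: it walks an anonymous-FTP tree, reports set-id files and world-writable directories, and records whether the filesystem is mounted nosuid (on which the kernel ignores set-id bits). The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_ftp_tree(root):
    """Report set-id files and world-writable directories under root.

    Returns (kind, path, owner_uid, nosuid_mount) tuples.
    """
    findings = []
    # On a nosuid mount the kernel ignores set-id bits, so a planted
    # set-id binary does not run with its owner's privileges.
    nosuid = bool(os.statvfs(root).f_flag & os.ST_NOSUID)
    for dirpath, _dirs, filenames in os.walk(root):
        dst = os.lstat(dirpath)
        if dst.st_mode & stat.S_IWOTH:
            findings.append(("world-writable-dir", dirpath, dst.st_uid, nosuid))
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, sockets
            if st.st_mode & stat.S_ISUID:
                findings.append(("setuid", path, st.st_uid, nosuid))
            elif st.st_mode & stat.S_ISGID:
                findings.append(("setgid", path, st.st_uid, nosuid))
    return findings


def build_sample_tree(root):
    """Constructed sample layout: a read-only pub/ and an upload area."""
    pub = os.path.join(root, "pub")
    incoming = os.path.join(root, "incoming")
    os.mkdir(pub)
    os.mkdir(incoming)
    os.chmod(pub, 0o755)
    os.chmod(incoming, 0o777)       # world-writable upload directory
    planted = os.path.join(incoming, "sh")
    open(planted, "w").close()      # empty placeholder, not a real shell
    os.chmod(planted, 0o4755)       # set-uid bit, as in the message's scenario


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, path, uid, nosuid in audit_ftp_tree(tmp):
            print(f"{kind:20} uid={uid} nosuid={nosuid} {path}")
```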