Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1995_3

Bugtraq archives for 3rd quarter (Jul-Aug) 1995: Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)

Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)

Casper Dik (casperHolland.Sun.COM)
Thu, 13 Jul 1995 10:18:29 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Lyndon Nerenberg: "Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)"
Previous message: donparanoia.com: "Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)"
In reply to: Dan Thorson: "Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)"
Next in thread: Scott Barman: "Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)"

>Am I correct in stating that this problem only occurs on SVR4 based unix's
>[where /proc exists]?  Or would, say, SunOS 4.1.x be affected?


It does not occur on SVR4 based Unixes.  It occurs only on Linux /pro
implementation.

The SVR4 /proc implemntations only have one file for each process
in /proc.  You're not allowed to access that file unless you're root
or your privs are a superset of that process' privs.

Since ftpd runs with a real-uid of root, you cannot access the /proc
entry of your own ftpd.

Casper

Next message: Lyndon Nerenberg: "Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)"
Previous message: donparanoia.com: "Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)"
In reply to: Dan Thorson: "Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)"
Next in thread: Scott Barman: "Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)"