Delegate creates directories writable for anyone
Olaf Seibert (rhialto POLDER.UBC.KUN.NL)
Wed, 21 Jul 1999 14:00:34 +0200
On 30 June, I wrote (approximately) the following email to the author of
Delegate, a multi-protocol proxy daemon (ftp, http, telnet, etc). So far
I have received no reply, so now I'm posting here.
The Delegate home page is at http://wall.etl.go.jp/delegate/ .
Hello Yutaka Sato,
I am starting to use your delegate proxy on NetBSD. I noticed that it
creates lots of files and directories in the DGROOT directory that are
writable for everybody. This is my configuration:
-P21
SERVER=ftp://ftp.[removed]
PERMIT=[removed]
DGROOT=/tmp/delegate
OWNER=delegate
Delegate is started from inetd.conf:
ftp stream tcp wait delegate /usr/local/bin/delegated
/usr/local/bin/delegated +=/etc/delegated.conf
Output of ls -alR /tmp/delegate:
total 14
drwxrwxrwx 7 delegate wheel 512 Jun 30 16:01 .
drwxrwxrwt 4 root wheel 512 Jun 30 16:07 ..
drwxrwxrwx 5 delegate wheel 512 Jun 30 16:01 act
drwxrwxrwx 3 delegate wheel 512 Jun 30 16:01 etc
drwxrwxrwx 3 delegate wheel 512 Jun 30 16:01 log
drwxr-xr-x 3 delegate wheel 512 Jun 30 16:06 tmp
drwxrwxrwx 2 delegate wheel 512 Jun 30 16:06 work
[lots removed]
delegate/tmp/resolvy/ab3f2cfb31e801face8fa9c06c38ab4b/byname:
total 8
drwxrwxrwx 2 delegate wheel 512 Jun 30 16:01 .
drwxrwxrwx 4 delegate wheel 512 Jun 30 16:01 ..
-rw-rw-rw- 1 delegate wheel 50 Jun 30 16:01 09
-rw-rw-rw- 1 delegate wheel 49 Jun 30 16:01 12
This is of course not good from a security viewpoint. Can you please fix
this?
Another thing: If I start delegate as root, and it changes to another
user, some of these directories are made as root, and later delegate
claims it cannot create some other files.
Thank you in advance.
-Olaf.
--
___ Olaf 'Rhialto' Seibert - rhialto polder.ubc.kun.nl
\X/ Unauthorized duplication, while sometimes necessary, is never as good as the real thing.
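A check an administrator could run against a DGROOT tree for the two conditions reported above (world-writable entries, and entries left owned by root), as an added example that is not part of the original post or of Delegate. The function names, output tags and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a Delegate DGROOT tree.

# make_demo_tree: build a constructed tree with modes like those in the
# reported "ls -alR" output and print its path.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/act" "$t/work" "$t/tmp/resolvy/byname"
    chmod 755 "$t" "$t/tmp"
    chmod 777 "$t/act" "$t/work" "$t/tmp/resolvy" "$t/tmp/resolvy/byname"
    : > "$t/tmp/resolvy/byname/09"
    chmod 666 "$t/tmp/resolvy/byname/09"
    echo "$t"
}

# audit_dgroot ROOT [OWNER]
# Prints "<TAG> <path>" per finding; returns 1 if any, 0 if clean, 2 on
# bad input. OWNER may be a user name or numeric uid.
audit_dgroot() {
    root=$1
    owner=${2:-}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=$(
        # World-writable directory, no sticky bit: any local user can
        # create, rename or delete entries in it.
        find "$root" -type d -perm -0002 ! -perm -1000 | sed 's/^/WW-DIR /'
        # World-writable with sticky bit: others can still add files.
        find "$root" -type d -perm -0002 -perm -1000 | sed 's/^/WW-STICKY /'
        # World-writable regular file: contents can be replaced by anyone.
        find "$root" -type f -perm -0002 | sed 's/^/WW-FILE /'
        # Entries not owned by the service account, e.g. created while
        # the daemon was still running as root.
        if [ -n "$owner" ]; then
            find "$root" ! -user "$owner" | sed 's/^/OWNER /'
        fi
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Demo run on the constructed tree.
demo=$(make_demo_tree)
audit_dgroot "$demo" "$(id -u)" || true
rm -rf "$demo"
```

On a real installation, pass the configured DGROOT and the OWNER account, for example `audit_dgroot /tmp/delegate delegate`.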
This archive was generated by hypermail 2.0b3 on Tue Jul 20 1999 - 23:08:15 CDT