Bugtraq mailing list archives
Re: wu-ftpd info.
From: wam () staff cc purdue edu (William McVey)
Date: Wed, 13 Apr 1994 11:14:40 -0500
Ken Hardy wrote:
What are the dangers posed by someone gaining root access, as through a trojaned ftpd, in a _chrooted_ environment, assuming that the environment gets chrooted before there's any chance of compromise?
Since the particular directory you are talking about is the ftp directory, a BadGuy(tm) could upload himself all the things he needs to break out of a chroot filesystem. A precompiled program that uses fchroot(1) could be uploaded and run as root to get you to the "real" filesytem. A BadGuy(tm) could also upload and use mknod(8) to break out of the chroot since devices have no idea whether they are chrooted or not. In summary, chroot() is only effective if you control what files a person has access to within the chroot-ed area. This is not normally the case with a compromised ftp directory. - William McVey Purdue University Computing Center Systems Administration Group
Current thread:
- Re: wu-ftpd info., (continued)
- Re: wu-ftpd info. Paul A Vixie (Apr 13)
- Re: wu-ftpd info. Paul Walmsley (Apr 13)
- Re: wu-ftpd info. Ken Hardy (Apr 13)
- Re: wu-ftpd info. jdd () cdf toronto edu (Apr 13)
- Re: wu-ftpd info. Paul A Vixie (Apr 13)
- Re: wu-ftpd info. Rob Quinn (Apr 13)
- Re: wu-ftpd info. Gene Spafford (Apr 13)
- Re: wu-ftpd info. Marc W. Mengel (Apr 13)
- Re: wu-ftpd info. Christopher Klaus (Apr 13)
- Re: wu-ftpd info. smb () research att com (Apr 13)
- Re: wu-ftpd info. William McVey (Apr 13)
- Re: wu-ftpd info. der Mouse (Apr 13)
- Re: wu-ftpd info. Paul A Vixie (Apr 13)