Bugtraq mailing list archives

Re: wu-ftpd info.

From: spaf () cs purdue edu (Gene Spafford)
Date: Wed, 13 Apr 94 13:28:44 -0500


Principal problem is that the chrooted environemnt is only for
anonymous ftp.  If I ftp in to a user account, it lets me do that and
it does *not* chroot the directory.  The hazards should be obvious.

Add to that the fact that even in a chrooted directory under anonymous
ftp, getting on as a privileged user can be dangerous -- the files are
accessible from the regular file systems (e.g., user accounts).

For instance:
attacker uses ftp to create suid-root shell in ftp directory
attacker logs in as user foo (bin, uucp, etc) and executes suid shell
  from ftp directory
attacker romps

--spaf

Current thread:

wu-ftpd info. Christopher Klaus (Apr 12)
- Re: wu-ftpd info. Paul A Vixie (Apr 13)
  - Re: wu-ftpd info. Paul Walmsley (Apr 13)
- <Possible follow-ups>
- Re: wu-ftpd info. Ken Hardy (Apr 13)
  - Re: wu-ftpd info. jdd () cdf toronto edu (Apr 13)
  - Re: wu-ftpd info. Paul A Vixie (Apr 13)
  - Re: wu-ftpd info. Rob Quinn (Apr 13)
  - Re: wu-ftpd info. Gene Spafford (Apr 13)
  - Re: wu-ftpd info. Marc W. Mengel (Apr 13)
    - Re: wu-ftpd info. Christopher Klaus (Apr 13)
- Re: wu-ftpd info. smb () research att com (Apr 13)
- Re: wu-ftpd info. William McVey (Apr 13)
- Re: wu-ftpd info. der Mouse (Apr 13)