Bugtraq mailing list archives

Re: Exploit for Linux wu.ftpd hole

From: marekm () i17linuxb ists pwr wroc pl (Marek Michalkiewicz)
Date: Thu, 6 Jul 1995 13:59:39 +0200

bt:

You have to run as root to setuid to the user, to open the log files,
and to chroot (for anon) to the ftp dir.. of course after login, root
privs are not really needed.


They are needed to create ftp-data sockets (privileged port number).
That's why ftpd runs (most of the time) with the effective uid of the
user who is logged in, but real uid 0 (so that it can get root privs
for a while, to create a socket).  But no external program (like ls,
gzip, tar, ...) needs to run as root - there should be something like
setgid(getegid()); setuid(geteuid()); between fork and exec in ftpd_popen.
This would prevent the slackware hole from giving root access.

Comments?

Marek Michalkiewicz

Current thread:

Re: SM 8.6.12, (continued)
- - - Re: SM 8.6.12 Eric Allman (Jul 16)
    - inetd probs Mark (Jul 17)
    - Re: SM 8.6.12 Pat The Friendly RedNeck (Jul 17)
    - Re: SM 8.6.12 System Administrator (Jul 18)
    - ANNOUNCEMENT: Ssh (Secure Shell) remote login program Kayvan Sylvan (Jul 18)
    - HP bomb barded my email with it FAQ (fwd) Dr. Frederick B. Cohen (Jul 19)
    - Re: HP bomb barded my email with it FAQ (fwd) Allen J. Newton (Jul 20)
- Re: Exploit for Linux wu.ftpd hole Stan Barber (Jul 05)
- Re: Exploit for Linux wu.ftpd hole John Adams (Jul 05)
  - Re: Exploit for Linux wu.ftpd hole bt (Jul 05)
    - Re: Exploit for Linux wu.ftpd hole Marek Michalkiewicz (Jul 06)
  - Re: Exploit for Linux wu.ftpd hole Pete Shipley (Jul 05)
  - Yggdrasil Linux (mis)configuration problem Paul Tony Watson (Jul 06)
- Re: Exploit for Linux wu.ftpd hole der Mouse (Jul 06)
- Re: Exploit for Linux wu.ftpd hole William McVey - wam (Jul 07)
  - Re: Exploit for Linux wu.ftpd hole Simon Burr (Jul 09)
- Re: Exploit for Linux wu.ftpd hole der Mouse (Jul 08)
- Re: Exploit for Linux wu.ftpd hole der Mouse (Jul 09)