Bugtraq mailing list archives
Re: Exploit for Linux wu.ftpd hole
From: marekm () i17linuxb ists pwr wroc pl (Marek Michalkiewicz)
Date: Thu, 6 Jul 1995 13:59:39 +0200
bt:
You have to run as root to setuid to the user, to open the log files, and to chroot (for anon) to the ftp dir.. of course after login, root privs are not really needed.
They are needed to create ftp-data sockets (privileged port number). That's why ftpd runs (most of the time) with the effective uid of the user who is logged in, but real uid 0 (so that it can get root privs for a while, to create a socket). But no external program (like ls, gzip, tar, ...) needs to run as root - there should be something like setgid(getegid()); setuid(geteuid()); between fork and exec in ftpd_popen. This would prevent the slackware hole from giving root access. Comments? Marek Michalkiewicz
Current thread:
- Re: SM 8.6.12, (continued)
- Re: SM 8.6.12 Eric Allman (Jul 16)
- inetd probs Mark (Jul 17)
- Re: SM 8.6.12 Pat The Friendly RedNeck (Jul 17)
- Re: SM 8.6.12 System Administrator (Jul 18)
- ANNOUNCEMENT: Ssh (Secure Shell) remote login program Kayvan Sylvan (Jul 18)
- HP bomb barded my email with it FAQ (fwd) Dr. Frederick B. Cohen (Jul 19)
- Re: HP bomb barded my email with it FAQ (fwd) Allen J. Newton (Jul 20)
- Re: Exploit for Linux wu.ftpd hole bt (Jul 05)
- Re: Exploit for Linux wu.ftpd hole Marek Michalkiewicz (Jul 06)
- Re: Exploit for Linux wu.ftpd hole Pete Shipley (Jul 05)
- Yggdrasil Linux (mis)configuration problem Paul Tony Watson (Jul 06)
- Re: Exploit for Linux wu.ftpd hole Simon Burr (Jul 09)