Bugtraq mailing list archives
Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)
From: jwa () nbs nau edu (James W. Abendschan)
Date: Wed, 12 Jul 1995 13:58:34 -0700
People with local ftp access can use the filedescriptors in /proc of the iwu.)ftpd process (which is running under their euid) to read and append to files to which they should not have access. This gives write permission to /var/adm/wtmp and read access to /etc/shadow, if your ftpd is hacked in a 'dirty' way to incorporate shadow passwords. The 2.4 version also gave write access to /var/adm/xferlog. A friend of mine reported write access to /etc/ftpconversions (with possible root vulnerabilities), but I have not been able to repeat that (2.4.2 beta 4 appears to be safe in this)
Maybe I'm completely missing the point, but wouldn't this help? linux# chown root.kmem /proc linux# chmod 750 /proc And then sgid kmem all the binaries that need /proc access: linux# chown root.kmem `which w` `which ps` `which top` (etc) linux# chmod 2755 `which w` `which ps` `which top` (etc) This restricts ordinary users from wandering around in /proc, and thus being able to access the "unclosed" files. James -- James Abendschan jwa () nbs nau edu Will Hack For Food <a href="http://www.nbs.nau.edu/~jwa">Zero Funk Kick</a>
Current thread:
- Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing, (continued)
- Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing Casper Dik (Jul 10)
- Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing Ken Wilcox (Jul 11)
- Exploit+fix for Linux SIGURG Marek Michalkiewicz (Jul 11)
- The FTP Bounce Attack *Hobbit* (Jul 11)
- Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Henri Karrenbeld (Jul 12)
- Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Marek Michalkiewicz (Jul 12)
- Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) James Seng (Jul 12)
- Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Henri Karrenbeld (Jul 12)
- Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Aleph One (Jul 13)
- Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Jeremy Fitzhardinge (Jul 13)
- Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) James W. Abendschan (Jul 12)
- Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Lyndon Nerenberg (Jul 12)
- Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Aleph One (Jul 13)
- Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing Karl Strickland (Jul 10)
- Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing Perry E. Metzger (Jul 10)
- Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing BioH (Jul 10)
- Re: Exploit for Linux wu.ftpd hole Nathan Lawson (Jul 09)
- Re: Exploit for Linux wu.ftpd hole Mike Edulla (Jul 07)
- Re: Why are we using priveleged images / state so much? (Was Re: Dr. Frederick B. Cohen (Jul 06)