Bugtraq mailing list archives

Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)

From: casper () Holland Sun COM (Casper Dik)
Date: Thu, 13 Jul 1995 10:18:29 +0200

Am I correct in stating that this problem only occurs on SVR4 based unix's
[where /proc exists]?  Or would, say, SunOS 4.1.x be affected?



It does not occur on SVR4 based Unixes.  It occurs only on Linux /pro
implementation.

The SVR4 /proc implemntations only have one file for each process
in /proc.  You're not allowed to access that file unless you're root
or your privs are a superset of that process' privs.

Since ftpd runs with a real-uid of root, you cannot access the /proc
entry of your own ftpd.

Casper

Current thread:

Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Dan Thorson (Jul 12)
- Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Casper Dik (Jul 13)
- Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Jeremy Fitzhardinge (Jul 13)
  - Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Casper Dik (Jul 13)
  - NT sniper bug? Brian Court (Jul 14)
    - Re: NT sniper bug? Firewall Mailing Lists Account (Jul 15)
    - Re: NT sniper bug? Forrest Aldrich (Jul 16)
- Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Jas (Jul 13)
- Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Scott Barman (Jul 13)
- <Possible follow-ups>
- Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Joerg Czeranski (Jul 13)