Bugtraq mailing list archives
Delegate creates directories writable for anyone
From: rhialto () POLDER UBC KUN NL (Olaf Seibert)
Date: Wed, 21 Jul 1999 14:00:34 +0200
On 30 June, I wrote (approximately) the following email to the author of Delegate, a multi-protocol proxy daemon (ftp, http, telnet, etc). So far I have received no reply, so now I'm posting here. The Delegate home page is at http://wall.etl.go.jp/delegate/ .

Hello Yutaka Sato,

I am starting to use your delegate proxy on NetBSD. I noticed that it creates lots of files and directories in the DGROOT directory that are writable for everybody.

This is my configuration:

    -P21
    SERVER=ftp://ftp.[removed]
    PERMIT=[removed]
    DGROOT=/tmp/delegate
    OWNER=delegate

Delegate is started from inetd.conf:

    ftp stream tcp wait delegate /usr/local/bin/delegated /usr/local/bin/delegated +=/etc/delegated.conf

Output of ls -alR /tmp/delegate:

    total 14
    drwxrwxrwx 7 delegate wheel 512 Jun 30 16:01 .
    drwxrwxrwt 4 root wheel 512 Jun 30 16:07 ..
    drwxrwxrwx 5 delegate wheel 512 Jun 30 16:01 act
    drwxrwxrwx 3 delegate wheel 512 Jun 30 16:01 etc
    drwxrwxrwx 3 delegate wheel 512 Jun 30 16:01 log
    drwxr-xr-x 3 delegate wheel 512 Jun 30 16:06 tmp
    drwxrwxrwx 2 delegate wheel 512 Jun 30 16:06 work

    [lots removed]

    delegate/tmp/resolvy/ab3f2cfb31e801face8fa9c06c38ab4b/byname:
    total 8
    drwxrwxrwx 2 delegate wheel 512 Jun 30 16:01 .
    drwxrwxrwx 4 delegate wheel 512 Jun 30 16:01 ..
    -rw-rw-rw- 1 delegate wheel 50 Jun 30 16:01 09
    -rw-rw-rw- 1 delegate wheel 49 Jun 30 16:01 12

This is of course not good from a security viewpoint. Can you please fix this?

Another thing: If I start delegate as root, and it changes to another user, some of these directories are made as root, and later delegate claims it cannot create some other files.

Thank you in advance.

-Olaf.
--
___ Olaf 'Rhialto' Seibert - rhialto () polder ubc. ---- Unauthorized duplication,
\X/ .kun.nl ---- while sometimes necessary, is never as good as the real thing.
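An added example, not part of the original post and not DeleGate code: a shell check that reports what the `ls -alR` listing above shows by eye, namely files any user can write and directories any user can write that lack the sticky bit, plus a helper that clears the "other" write bit. The function names and the `DGROOT` environment variable lookup are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a proxy data directory (such as the DGROOT in the post)
# for world-writable entries. Function names are made up for this example.

# Run find over the entries of interest and apply the given action to them:
#  - regular files with the "other" write bit set (mode like -rw-rw-rw-)
#  - directories with the "other" write bit set and no sticky bit
#    (mode like drwxrwxrwx; drwxrwxrwt is left alone because the sticky bit
#    stops users from deleting or renaming each other's entries)
# Symlinks are skipped: find does not follow them here and their own mode
# bits carry no meaning.
ww_find() {
    root=$1
    shift
    find "$root" \( \( -type f -perm -0002 \) -o \
                    \( -type d -perm -0002 ! -perm -1000 \) \) "$@"
}

# Print the offending paths, one per line, in a stable order.
audit_world_writable() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    ww_find "$1" -print | LC_ALL=C sort
}

# Print only the number of offending paths.
count_world_writable() {
    audit_world_writable "$1" | wc -l | tr -d ' '
}

# Clear the "other" write bit on every offending path.
# Assumption: the daemon runs as the user that owns the tree (OWNER=delegate
# in the post), so it keeps access through the owner bits.
strip_other_write() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    ww_find "$1" -exec chmod o-w {} +
}

# Stand-alone use: DGROOT=/path/to/dgroot sh this-script.sh
if [ -n "${DGROOT:-}" ]; then
    audit_world_writable "$DGROOT"
fi
```

`strip_other_write` only repairs what already exists; entries the daemon creates afterwards get whatever mode the daemon chooses, so the audit is worth repeating after the proxy has handled traffic.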