Bugtraq mailing list archives
proftpd non-root patch
From: lamagra () HACKERMAIL NET (Lamagra Argamal)
Date: Fri, 14 Jul 2000 10:49:06 -0000
When a proftpd server is running on a high port (> 1024), it doesn't need root privileges anymore to bind a data connection to the ftpport-1. My patch checks for this and drops uid 0 after authentication. The next snippets are from my proftp-1.2 running on port 2021.

<-snip->
[root@bubbles proftpd-1.2]# ps uax|grep proftpd
lamagra 490 1.5 1.0 1376 1008 ? S 09:28 0:00 proftpd: lamagra - lo
nobody 487 0.0 0.8 1356 776 ? S 09:28 0:00 proftpd (accepting co
[root@bubbles proftpd-1.2]# grep Uid /proc/490/status
Uid: 500 500 500 500
[root@bubbles proftpd-1.2]# grep Gid /proc/490/status
Gid: 500 500 500 500
<-snap->

As you can see, it runs fully without privileges after authentication.

---> If you don't like non-standard things, stop reading here <--

My patch also includes an extra option: by setting the option "NonrootServer" on in the config file of proftpd, it doesn't use ftpport-1 as a data port. It is replaced with a dynamically assigned (by the kernel) port; these are high ports. If this feature is selected, all privileges are dropped after authentication, as seen in the next snippet.

<-snip->
tcp 1 0 localhost:1285 localhost:1284 TIME_WAIT
This is the data connection bound to a high port.

ftp 527 0.0 0.8 1396 848 ? S 09:31 0:00 proftpd: ftp - localh
Uid: 14 14 14 14

In proftpd.conf:
NonrootServer on
<-snap->

I don't see any problems with this except that the RFC says ftpport-1. If anyone can see a problem, please contact me as I'd like to know.

-lamagra
http://lamagra.seKure.de

Attachment: proftp.patch (application/octet-stream)
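Added example, not part of the original post or of the attached patch: a C sketch of the decision the post describes (keep root only when the data port is below 1024) together with a permanent, verified privilege drop. The function names are hypothetical and this is not ProFTPD's code.

```c
#define _DEFAULT_SOURCE              /* setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Active-mode data source port: control port - 1 ("ftpport-1"), or
 * 0 (kernel picks a high port) when NonrootServer is on. */
unsigned data_source_port(unsigned control_port, int nonroot_server)
{
    return nonroot_server ? 0 : control_port - 1;
}

/* Binding a port below 1024 needs root, so root must be kept then. */
int must_keep_root(unsigned control_port, int nonroot_server)
{
    unsigned p = data_source_port(control_port, nonroot_server);
    return p != 0 && p < 1024;
}

/* Permanently become uid/gid; 0 on success, -1 on failure (caller
 * should exit). Groups and gid go first: after setuid() the process
 * is no longer allowed to change them. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0)
        return -1;                          /* not a drop */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;                          /* shed root's extra groups */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;                          /* verify, don't assume */
    return setuid(0) == 0 ? -1 : 0;         /* root must be unreachable */
}

/* Hypothetical post-authentication hook: 1 = root kept, 0 = dropped. */
int after_auth(unsigned port, int nonroot_server, uid_t uid, gid_t gid)
{
    return must_keep_root(port, nonroot_server) ? 1
                                                : drop_privileges(uid, gid);
}

int main(void)
{
    printf("port 21: keep root=%d, port 2021: keep root=%d\n",
           must_keep_root(21, 0), must_keep_root(2021, 0));
    return 0;
}
```

A control port of exactly 1024 still needs root, because its data port is 1023; that matches the "> 1024" condition in the post.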