Bugtraq mailing list archives

Re: wu-ftpd info.

From: jdd () cdf toronto edu (jdd () cdf toronto edu)
Date: Wed, 13 Apr 1994 13:06:48 -0400


In message <9404131412.AA01024@racerx> you write:

What are the dangers posed by someone gaining root access, as through
a trojaned ftpd, in a _chrooted_ environment, assuming that the
environment gets chrooted before there's any chance of compromise?


Easy. Here's one way. Copy /bin/sh (from another machine, if
necessary) to somewhere in the chrooted tree. Make it setuid root. Log
in as another account (not chrooted), eg. guest (or a password-cracked
account). Run the setuid /chrooted_tree/bin/sh. Bingo: root.

John
--
John DiMarco                                              jdd () cdf toronto edu
Computing Disciplines Facility Systems Manager            jdd () cdf utoronto ca
University of Toronto

Current thread:

wu-ftpd info. Christopher Klaus (Apr 12)
- Re: wu-ftpd info. Paul A Vixie (Apr 13)
  - Re: wu-ftpd info. Paul Walmsley (Apr 13)
- <Possible follow-ups>
- Re: wu-ftpd info. Ken Hardy (Apr 13)
  - Re: wu-ftpd info. jdd () cdf toronto edu (Apr 13)
  - Re: wu-ftpd info. Paul A Vixie (Apr 13)
  - Re: wu-ftpd info. Rob Quinn (Apr 13)
  - Re: wu-ftpd info. Gene Spafford (Apr 13)
  - Re: wu-ftpd info. Marc W. Mengel (Apr 13)
    - Re: wu-ftpd info. Christopher Klaus (Apr 13)
- Re: wu-ftpd info. smb () research att com (Apr 13)
- Re: wu-ftpd info. William McVey (Apr 13)
- Re: wu-ftpd info. der Mouse (Apr 13)