Bugtraq mailing list archives
Re: response to the bugtraq report of buffer overruns in imapd LIST command
From: elric () MABELODE IMRRYR ORG (R. C. Dowdeswell)
Date: Mon, 17 Apr 2000 23:02:48 -0700
On 956021099 seconds since the Beginning of the UNIX epoch Mark Crispin wrote:
The final form of the CHROOT_SERVER code, which will be an option in the next distributed version, consists of: if (chroot (home ? home : ANONYMOUSHOME)) return NIL; home = "/"; And, yes, this will do the necessary chdir().
chroot(2)'ing to a users home directory is rather a bad idea in a lot of setups. For example, assume that the machine has one large disk and one partition. Then for a decent number of unices would be vulnerable (on a shell enabled machine) to: $ cd $ mkdir etc $ ln /usr/bin/su $ cp /bin/sh . $ cat root::... > etc/passwd imap in, get into a chroot(2) jail ain your home dir, get a shell, su. Then # chmod 4755 sh Using chroot in a lot of situations is rather dangerous, and one must carefully set up the environment that it runs in. IIRC, the default install of some unices/linuces is to have only one partition. == Roland Dowdeswell http://www.Imrryr.ORG/~elric/ == == The Unofficial NetBSD Web Pages http://www.Imrryr.ORG/NetBSD/ == == The NetBSD Project http://www.NetBSD.ORG/ ==
Current thread:
- Re: Reappearance of an old IE security bug, (continued)
- Re: Reappearance of an old IE security bug Vladimir Dubrovin (Apr 17)
- Announcing: Solaris Fingerprint Database (sfpDB) on SunSolve Casper Dik (Apr 17)
- Re: XFree86 server overflow Olaf Kirch (Apr 17)
- Re: XFree86 server overflow Valentin Pavlov (Apr 17)
- Microsoft Security Bulletin (MS00-025) Microsoft Product Security (Apr 17)
- Re: XFree86 server overflow Paweł Sakowski (Apr 17)
- RAZOR Analysis of dvwssr.dll Simple Nomad (Apr 17)
- response to the bugtraq report of buffer overruns in imapd LIST command Mark Crispin (Apr 17)
- Re: response to the bugtraq report of buffer overruns in imapd LIST command Theo de Raadt (Apr 17)
- Re: response to the bugtraq report of buffer overruns in imapd LIST command Mark Crispin (Apr 17)
- Re: response to the bugtraq report of buffer overruns in imapd LIST command R. C. Dowdeswell (Apr 17)
- xfs security issues (fwd) Chris Evans (Apr 17)
- Re: response to the bugtraq report of buffer overruns in imapd LIST command Mark Crispin (Apr 17)
- RUS-CERT Advisory 200004-01: GNU Emacs 20 RUS-CERT, University of Stuttgart (Apr 18)
- More vulnerabilities in FP Narrow (Apr 18)
- Re: More vulnerabilities in FP The Cyberiad (Apr 19)
- Re: More vulnerabilities in FP Ron van Daal (Apr 22)
- Re: More vulnerabilities in FP The Cyberiad (Apr 19)
- AVM's Statement eAX [Teelicht] (Apr 19)
- Adtran DoS Mike Ireton (Apr 19)
- FreeBSD Security Advisory: FreeBSD-SA-00:13.generic-nqs FreeBSD Security Officer (Apr 19)