Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 24 Apr 2001 09:57:00 +0800
From:      Victor Sudakov <sudakov@sibptus.tomsk.ru>
To:        Dag-Erling Smorgrav <des@ofug.org>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Q: Impact of globbing vulnerability in ftpd
Message-ID:  <20010424095700.A40591@sibptus.tomsk.ru>
In-Reply-To: <xzpae57fyzl.fsf@flood.ping.uio.no>; from des@ofug.org on Mon, Apr 23, 2001 at 04:54:22PM %2B0200
References:  <20010423111632.B17342@sibptus.tomsk.ru> <xzpitjvgbub.fsf@flood.ping.uio.no> <20010423190737.A25969@sibptus.tomsk.ru> <xzpae57fyzl.fsf@flood.ping.uio.no>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Apr 23, 2001 at 04:54:22PM +0200, Dag-Erling Smorgrav wrote:
> > > > As far as I understand, it can be exploited only after a user has
> > > > logged in, so ftpd is already chrooted
> > > Not necessarily.
> > Anonymous account is always chrooted. I think you have to play
> > with the source to disable this.
> 
> The logged-in user is not necessarily anonymous.

In my installations, a user is always chrooted, unless he/she has
a shell account anyway.

> 
> > > Run arbitrary code on the target machine, which may perform operations
> > > (such as creating new directories to store warez) which the FTP server
> > > normally doesn't allow the user to perform, 
> > How is this possible if ftpd drops root privileges after
> > successful login?
> 
> I didn't claim the code would run as root.  It would run as the
> logged-in user, or user "ftp" in case of an anonymous login.

The security advisory claims that. So I became interested.

> 
> > So, if the users already have shell accounts, this security hole
> > does not matter for me, does it?
> 
> Probably not.  Depends on your anonftp setup.

Anonftp is always chrooted :)

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/149@fidonet http://vas.tomsk.ru/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010424095700.A40591>