Date: Tue, 24 Apr 2001 09:57:00 +0800 From: Victor Sudakov <sudakov@sibptus.tomsk.ru> To: Dag-Erling Smorgrav <des@ofug.org> Cc: freebsd-security@freebsd.org Subject: Re: Q: Impact of globbing vulnerability in ftpd Message-ID: <20010424095700.A40591@sibptus.tomsk.ru> In-Reply-To: <xzpae57fyzl.fsf@flood.ping.uio.no>; from des@ofug.org on Mon, Apr 23, 2001 at 04:54:22PM %2B0200 References: <20010423111632.B17342@sibptus.tomsk.ru> <xzpitjvgbub.fsf@flood.ping.uio.no> <20010423190737.A25969@sibptus.tomsk.ru> <xzpae57fyzl.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Apr 23, 2001 at 04:54:22PM +0200, Dag-Erling Smorgrav wrote: > > > > As far as I understand, it can be exploited only after a user has > > > > logged in, so ftpd is already chrooted > > > Not necessarily. > > Anonymous account is always chrooted. I think you have to play > > with the source to disable this. > > The logged-in user is not necessarily anonymous. In my installations, a user is always chrooted, unless he/she has a shell account anyway. > > > > Run arbitrary code on the target machine, which may perform operations > > > (such as creating new directories to store warez) which the FTP server > > > normally doesn't allow the user to perform, > > How is this possible if ftpd drops root privileges after > > successful login? > > I didn't claim the code would run as root. It would run as the > logged-in user, or user "ftp" in case of an anonymous login. The security advisory claims that. So I became interested. > > > So, if the users already have shell accounts, this security hole > > does not matter for me, does it? > > Probably not. Depends on your anonftp setup. Anonftp is always chrooted :) -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/149@fidonet http://vas.tomsk.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010424095700.A40591>