Date: Fri, 30 Dec 2011 01:01:56 +0400 From: Andrey Chernov <ache@FreeBSD.ORG> To: d@delphij.net Cc: freebsd-security@FreeBSD.ORG, Doug Barton <dougb@FreeBSD.ORG>, John Baldwin <jhb@FreeBSD.ORG> Subject: Re: svn commit: r228843 - head/contrib/telnet/libtelnet head/crypto/heimdal/appl/telnet/libtelnet head/include head/lib/libc/gen head/lib/libc/iconv head/lib/libc/include head/lib/libc/net head/libexec... Message-ID: <20111229210156.GA58409@vniz.net> In-Reply-To: <4EFCD37F.5030401@delphij.net> References: <201112231500.pBNF0c0O071712@svn.freebsd.org> <201112291400.41075.jhb@freebsd.org> <CAGMYy3t89jcmU6AP4Bsa%2Bv%2BVs%2BK7qm_SaqwA5u==wKrzaqTWBQ@mail.gmail.com> <201112291435.03493.jhb@freebsd.org> <4EFCCDDF.5080602@delphij.net> <20111229204637.GB51102@vniz.net> <4EFCD37F.5030401@delphij.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Dec 29, 2011 at 12:54:23PM -0800, Xin Li wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 12/29/11 12:46, Andrey Chernov wrote: > [...] > > In case user (more precisely, ftpd) runs any program which resides > > in /incoming/, nothing helps in anycase. In case ftpd runs known > > programs from known locations only, it can't be overriden because > > known program > > No it doesn't run external programs. I know) So, there are two problems as result: 1) Wrong chroot() setup (i.e. all program and directories are owned by user, not by root). The way to fight it is better explanation in both chroot(2) and ftpd(8) man pages. 2) Loading .so from the current directory. This should be fixed in the code by either calling rtld function or rtld env variable. -- http://ache.vniz.net/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20111229210156.GA58409>