From owner-freebsd-security@FreeBSD.ORG  Fri Dec  9 12:30:16 2011
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B52C3106566B
	for <freebsd-security@freebsd.org>;
	Fri,  9 Dec 2011 12:30:16 +0000 (UTC)
	(envelope-from eugen@grosbein.pp.ru)
Received: from eg.sd.rdtc.ru (eg.sd.rdtc.ru [IPv6:2a03:3100:c:13::5])
	by mx1.freebsd.org (Postfix) with ESMTP id E58048FC0C
	for <freebsd-security@freebsd.org>;
	Fri,  9 Dec 2011 12:30:15 +0000 (UTC)
Received: from eg.sd.rdtc.ru (localhost [127.0.0.1])
	by eg.sd.rdtc.ru (8.14.5/8.14.5) with ESMTP id pB9CUDMh016139;
	Fri, 9 Dec 2011 19:30:13 +0700 (NOVT)
	(envelope-from eugen@grosbein.pp.ru)
Message-ID: <4EE1FF50.403@grosbein.pp.ru>
Date: Fri, 09 Dec 2011 19:30:08 +0700
From: Eugene Grosbein <eugen@grosbein.pp.ru>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; ru-RU;
	rv:1.9.2.13) Gecko/20110112 Thunderbird/3.1.7
MIME-Version: 1.0
To: gabor@zahemszky.hu
References: <4ED68B4D.4020004@sentex.net>
	"<4ED69B7E.50505@frasunek.com>"	<4ED6C3C6.5030402@delphij.net>
	"<4ED6D1CD.9080700@sentex.net>"	<4ED6D577.9010007@delphij.net>
	"\"<4ED6DA75.30604@sentex.net>"	<4EE131B8.7040000@sentex.net>"	<c081e4612df771d59c1dc2870d99d7b9@zahemszky.hu>	<CAGMYy3vZ9CjuboiQsuGnYLZPpbAMMCQScsu9toXLpOyWAdAA3A@mail.gmail.com>	<4EE1C933.4020001@rdtc.ru>
	<c01e78480b76e1fc000c282fca4c4269@zahemszky.hu>
In-Reply-To: <c01e78480b76e1fc000c282fca4c4269@zahemszky.hu>
Content-Type: text/plain; charset=KOI8-R
Content-Transfer-Encoding: 8bit
Cc: freebsd-security@freebsd.org
Subject: Re: ftpd security issue ?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Dec 2011 12:30:16 -0000

09.12.2011 19:24, gabor@zahemszky.hu пишет:
>  On Fri, 09 Dec 2011 15:39:15 +0700, Eugene Grosbein wrote:
>> 09.12.2011 15:25, Xin LI пишет:
>>> On Fri, Dec 9, 2011 at 12:04 AM,  <gabor@zahemszky.hu> wrote:
>>>> Hi!
>>>>
>>>> Are the following steps enough to prevent me?
>>>>
>>>> # for user in user1 user2 .... ; do
>>>> mkdir -p ~$user/lib ~$user/usr/lib ~$user/etc
>>>> chflags sunlink,schg ~$user/lib ~$user/usr ~$user/usr/lib 
>>>> ~$user/etc
>>>> done
>>>> #
>>>
>>> Yes that should be sufficient workaround.
>>
>> Why /lib and /usr/lib only?
> 
>  ??? /lib, /usr/lib and /etc.
> 
>  Which directory is missing?

I do not know and therefore, ask.
What guarantees that no other directory may be used to load a library from?

Eugene Grosbein