From owner-freebsd-stable@FreeBSD.ORG Fri Dec 23 18:05:05 2011
From: Guy Helmer <guy.helmer@palisadesystems.com>
To: Stephen Montgomery-Smith
Cc: freebsd-stable@freebsd.org
Date: Fri, 23 Dec 2011 11:46:40 -0600
Subject: Re: FLAME - security advisories on the 23rd ? uncool idea is uncool
Message-Id: <4F78A870-0F09-4B0D-B238-02FD7C50CAF4@palisadesystems.com>
In-Reply-To: <4EF4B982.3070207@missouri.edu>
References: <4EF4A75C.2040609@my.gd> <4EF4B2D6.5090206@sentex.net> <4EF4B982.3070207@missouri.edu>
List-Id: Production branch of FreeBSD source code
X-Mailer: Apple Mail (2.1251.1)

On Dec 23, 2011, at 11:25 AM, Stephen Montgomery-Smith wrote:

> On 12/23/2011 10:56 AM, Mike Tancsa wrote:
>
>> Also, the chroot issue has been public for some time along with sample
>> exploits. Same with BIND which was fixed some time ago. Judgment call,
>> and I think they made the right call at least from my perspective.
>
> It is this chroot issue that bothers me. From my reading of the ftpd man page, if I have anonymous ftp to my server, it seems that I am using chroot with ftpd, and there is no way to stop this happening.
>
> Am I correct, or have I missed something? (I am hoping I missed something.)

I think that to exploit the ftpd chroot issue, the attacker must have the ability to create an /etc/nsswitch.conf (if it doesn't already exist), and then must install a malicious shared library file in the chroot /lib, /usr/lib, or /usr/local/lib directory. Local users who have chroot configured on their home directory for FTP access could probably exploit this.

If your anonymous FTP directories are set up correctly, in particular so that anonymous users have no write access, and if local users can't corrupt that configuration (such as by changing owners or permissions of directories in the anonymous chroot area), then I wouldn't expect this to be exploitable.

Still, I would install the update as soon as possible...

Guy

--------
This message has been scanned by ComplianceSafe, powered by Palisade's PacketSure.
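The configuration check that Guy's reply describes, written out as an added example (it is not code from the thread or from FreeBSD): walk an ftpd chroot and report the two preconditions he names, an /etc/nsswitch.conf inside the chroot and any directory or library file that a non-owner could write to or that a local user owns. The chroot trees built by make_demo_chroots are constructed for illustration; the function name, the default expected owner of root and the "exit status equals number of findings" convention are this example's own choices.

```shell
#!/bin/sh
# Added example (not FreeBSD code, not from the thread): audit an ftpd chroot
# for the preconditions Guy lists for the chroot issue: an attacker who can
# create /etc/nsswitch.conf inside the chroot and drop a shared object into
# the chroot's /lib, /usr/lib or /usr/local/lib. The checks are conservative:
# any directory a non-owner can write to, or that is not owned by the expected
# owner (root by default), is reported, not only the four that matter here.
#
# usage: audit_ftp_chroot /path/to/chroot [expected_owner]
# Prints one WARN line per finding; exit status is the number of findings
# (0 means the tree looks clean).
audit_ftp_chroot() {
    root=${1%/}
    owner=${2:-root}
    findings=0
    oldifs=$IFS
    IFS='
'   # split find output on newlines only, so paths with spaces survive

    # (a) nsswitch.conf inside the chroot: after chroot(2) libc reads this
    #     copy, and it can name an NSS module that lives under the chroot.
    if [ -e "$root/etc/nsswitch.conf" ]; then
        echo "WARN nsswitch.conf present in chroot: $root/etc/nsswitch.conf"
        findings=$((findings + 1))
    fi

    # (b) Directories an anonymous or chrooted user could write into, or that
    #     a local user owns and could therefore re-chmod or re-chown.
    for d in $(find "$root" -type d \( -perm -0002 -o -perm -0020 -o ! -user "$owner" \) 2>/dev/null); do
        echo "WARN writable or non-$owner-owned directory: $d"
        findings=$((findings + 1))
    done

    # (c) Shared objects already in the chroot's library directories that a
    #     non-owner could overwrite in place.
    for lib in "$root/lib" "$root/usr/lib" "$root/usr/local/lib"; do
        [ -d "$lib" ] || continue
        for f in $(find "$lib" -type f \( -perm -0002 -o -perm -0020 -o ! -user "$owner" \) 2>/dev/null); do
            echo "WARN writable or non-$owner-owned library file: $f"
            findings=$((findings + 1))
        done
    done

    IFS=$oldifs
    return $findings
}

# Constructed demo trees (illustration only): one laid out the way Guy
# recommends, one with the writable spots the attack needs. Prints the base dir.
make_demo_chroots() {
    base=$(mktemp -d)
    for name in clean weak; do
        r=$base/$name
        mkdir -p "$r/etc" "$r/lib" "$r/usr/lib" "$r/usr/local/lib" "$r/pub"
        chmod 755 "$r" "$r/etc" "$r/lib" "$r/usr" "$r/usr/lib" "$r/usr/local" "$r/usr/local/lib" "$r/pub"
        : > "$r/lib/libc.so.7"; chmod 644 "$r/lib/libc.so.7"
        : > "$r/pub/README";    chmod 644 "$r/pub/README"
    done
    # weak tree: world-writable /etc, an nsswitch.conf already in it,
    # group-writable /usr/local/lib and a libc anyone can overwrite
    chmod 777 "$base/weak/etc"
    : > "$base/weak/etc/nsswitch.conf"; chmod 644 "$base/weak/etc/nsswitch.conf"
    chmod 775 "$base/weak/usr/local/lib"
    chmod 666 "$base/weak/lib/libc.so.7"
    echo "$base"
}

# Stand-alone run (sh audit.sh --demo): audit both demo trees, expecting the
# current user as owner since that user just created them.
if [ "${1:-}" = "--demo" ]; then
    base=$(make_demo_chroots)
    for name in clean weak; do
        echo "== $name =="
        audit_ftp_chroot "$base/$name" "$(id -un)" && echo "clean"
    done
    rm -rf "$base"
fi
```

On a real server run it as `audit_ftp_chroot ~ftp` with the default owner of root; a world-writable incoming directory will show up as a finding, which is the point: that is exactly the write access Guy says the anonymous tree must not grant.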