Date: Fri, 09 Dec 2011 19:30:08 +0700 From: Eugene Grosbein <eugen@grosbein.pp.ru> To: gabor@zahemszky.hu Cc: freebsd-security@freebsd.org Subject: Re: ftpd security issue ? Message-ID: <4EE1FF50.403@grosbein.pp.ru> In-Reply-To: <c01e78480b76e1fc000c282fca4c4269@zahemszky.hu> References: <4ED68B4D.4020004@sentex.net> "<4ED69B7E.50505@frasunek.com>" <4ED6C3C6.5030402@delphij.net> "<4ED6D1CD.9080700@sentex.net>" <4ED6D577.9010007@delphij.net> "\"<4ED6DA75.30604@sentex.net>" <4EE131B8.7040000@sentex.net>" <c081e4612df771d59c1dc2870d99d7b9@zahemszky.hu> <CAGMYy3vZ9CjuboiQsuGnYLZPpbAMMCQScsu9toXLpOyWAdAA3A@mail.gmail.com> <4EE1C933.4020001@rdtc.ru> <c01e78480b76e1fc000c282fca4c4269@zahemszky.hu>
next in thread | previous in thread | raw e-mail | index | archive | help
09.12.2011 19:24, gabor@zahemszky.hu пишет: > On Fri, 09 Dec 2011 15:39:15 +0700, Eugene Grosbein wrote: >> 09.12.2011 15:25, Xin LI пишет: >>> On Fri, Dec 9, 2011 at 12:04 AM, <gabor@zahemszky.hu> wrote: >>>> Hi! >>>> >>>> Are the following steps enough to prevent me? >>>> >>>> # for user in user1 user2 .... ; do >>>> mkdir -p ~$user/lib ~$user/usr/lib ~$user/etc >>>> chflags sunlink,schg ~$user/lib ~$user/usr ~$user/usr/lib >>>> ~$user/etc >>>> done >>>> # >>> >>> Yes that should be sufficient workaround. >> >> Why /lib and /usr/lib only? > > ??? /lib, /usr/lib and /etc. > > Which directory is missing? I do not know and therefore, ask. What guarantees that no other directory may be used to load a library from? Eugene Grosbein
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4EE1FF50.403>