Security Basics mailing list archives
Re: shell to root through ftp?
From: "xyberpix" <xyberpix () xyberpix com>
Date: Fri, 5 Nov 2004 09:40:52 -0000 (GMT)
Hi fIrestOrm,

- To stop the directory traversal issue, you could always place all the users in a chroot environment; this would stop that from happening. I would never rely on permissions alone for this. Here's a decent chroot HOWTO; it's on Debian, but you can look for more if you want to go this way. http://www.chains.ch/chroot.php

- Using chroot would stop the www-root access as well.

- There are a few vulnerabilities that could lead to privilege escalation, but if your box is set up properly and has all the latest patches, etc. installed, you should be fine.

Could I suggest, though, that for what you need (Apache and an FTP server) you look into installing OpenBSD instead of Red Hat, as it has all that you want configured in a default install, and it's secure. http://www.openbsd.org I suppose that this depends on what else your Red Hat box is used for, though?

One last note: make sure you do your research on what FTP daemon you are going to be running, as a lot of them have gotten a very bad reputation, with very good reason.

Hope that helps,
xyberpix

On Thu, 4 November, 2004 9:47 am, fIrestOrm said:
Hi, I have a question that has been bugging me for days. I plan to run an FTP server on my home PC running Red Hat to serve some users. For those users, they will have their home directory configured as their default directory when they log on to FTP. My questions are:

- What are the possible implications if they are allowed to traverse and enter every directory, including / (root) but excluding /root (due to permissions set)? Are they able to get a shell prompt through FTP only?

- Apache 1.3 is also running on the same box; hence, the users are granted access to www-root. One possible scenario I can think of is uploading netcat and running it using HTTP. Can it be done through Apache? If so, how?

- Are there any avenues for privilege escalation to the root user here?

- Are there any other scenarios that utilize FTP as an attack vector to get a shell prompt? (Please exclude rootkits, chmod to protect /bin, www-root, etc.)

Thanks
-- For security and Opensource news check out: http://xyberpix.demon.co.uk
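The confinement that xyberpix recommends is done by the kernel (chroot(2)) and applies to every path the FTP daemon touches, which is why it beats permissions alone: a user who can CWD into / can still read anything the filesystem mode bits allow, whereas a chrooted user simply has no path to /var/www or /etc. The following is an added example, not code from the thread or from any FTP daemon, that shows the path-confinement check such a daemon performs when it maps a client's FTP path (absolute or relative to the current directory) onto the real filesystem. It uses a constructed temporary directory tree, with the jail at `home/alice` and an Apache document root at `var/www` outside it, plus a symlink inside the jail that points outside; `resolve_in_jail`, `is_inside_jail` and `demo` are names chosen here.

```python
import os
import shutil
import tempfile


def resolve_in_jail(jail: str, cwd: str, requested: str) -> str:
    """Map an FTP path request onto the real filesystem and return it only if
    it stays inside `jail`; otherwise raise PermissionError.

    `cwd` is the user's current real directory (already inside the jail).
    An FTP path beginning with '/' means the jail root, never the host root.
    """
    jail_real = os.path.realpath(jail)
    if requested.startswith("/"):
        candidate = os.path.join(jail_real, requested.lstrip("/"))
    else:
        candidate = os.path.join(cwd, requested)
    # realpath() collapses '..' components and follows symlinks, so a link
    # inside the jail that points outside is caught the same way as '../..'.
    real = os.path.realpath(candidate)
    # Compare on a directory boundary: /home/alice2 must not pass as /home/alice.
    if real != jail_real and not real.startswith(jail_real + os.sep):
        raise PermissionError(f"path escapes jail: {requested!r}")
    return real


def is_inside_jail(jail: str, cwd: str, requested: str) -> bool:
    """Boolean wrapper around resolve_in_jail for callers that only need a verdict."""
    try:
        resolve_in_jail(jail, cwd, requested)
        return True
    except PermissionError:
        return False


def demo() -> dict:
    """Build a constructed tree and exercise the check with typical FTP requests."""
    base = tempfile.mkdtemp()
    try:
        jail = os.path.join(base, "home", "alice")      # FTP user's home / jail root
        sibling = os.path.join(base, "home", "alice2")  # another user's home
        www_root = os.path.join(base, "var", "www")     # Apache document root
        os.makedirs(os.path.join(jail, "pub"))
        os.makedirs(sibling)
        os.makedirs(www_root)
        # A symlink created inside the jail that points at the document root.
        os.symlink(www_root, os.path.join(jail, "www"))

        return {
            "relative_inside": is_inside_jail(jail, jail, "pub"),          # CWD pub
            "absolute_inside": is_inside_jail(jail, jail, "/pub"),         # CWD /pub
            "dotdot_escape": is_inside_jail(jail, jail, "../../var/www"),  # CWD ../../var/www
            "symlink_escape": is_inside_jail(jail, jail, "www"),           # CWD www
            "sibling_prefix": is_inside_jail(jail, jail, "../alice2"),     # CWD ../alice2
        }
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:16s} {'allowed' if ok else 'denied'}")
```

Two of the cases matter most for the original question: the `..` request that would otherwise reach the Apache document root is denied, and so is the symlink that points there, because the check is made on the resolved real path rather than on the string the client sent. A daemon that relies only on mode bits has neither protection.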