Security Basics mailing list archives

Re: shell to root through ftp?


From: "xyberpix" <xyberpix () xyberpix com>
Date: Fri, 5 Nov 2004 09:40:52 -0000 (GMT)

Hi flrest0rm,

- To stop the directory traversal issue, you could always place all the
users in a chroot environment, this would stop that from happening, I
would never rely on permissions alone for this.

Here's a decent chroot HOWTO, it's on debian but you can look for more if
you want to go this way.

http://www.chains.ch/chroot.php


- Using chroot would stop the www-root access as well.

- There are a few vulnerabilities that could lead to privilege escalation,
but if your box is set up properly, and has all the latest patches, etc.
installed, you should be fine. Could I suggest though that for what you
need, Apache and an FTP server, you look into installing OpenBSD instead of
Red Hat, as it has all that you want configured in a default install, and
it's secure. http://www.openbsd.org
I suppose that this depends on what else your Red Hat box is used for though?

One last note, make sure you do your research on what ftp daemon you are
going to be running, as a lot of them have gotten a very bad reputation
with very good reason.

Hope that helps,

xyberpix

On Thu, 4 November, 2004 9:47 am, fIrestOrm said:
Hi,

I have a question that has been bugging me for days. I
plan to run an ftp server on my home pc running redhat
to serve some users. For those users, they will have
their home directory configured as their default
directory when they log on to ftp.

My questions are:

-What are the possible implications if they are
allowed to traverse and enter every directory
including / (root) but excluding /root (due to
permissions set)? Are they able to get a shell prompt
through ftp only?

-apache 1.3 is also running on the same box, hence,
the users are granted access to www-root. One possible
scenario I can think of is by uploading netcat and
running it using HTTP. Can it be done through apache?
If so, how?

-Are there any avenues for privilege escalation to
root user here?

-Are there any other scenarios which utilize ftp as
an attack vector to get a shell prompt? (please
exclude rootkits, chmod to protect /bin, www-root
etc).

thanks




-- 
For security and Opensource news check out:
http://xyberpix.demon.co.uk
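
Added example, not part of the original thread: a small audit of the chroot advice above. It reports FTP users who are not jailed and users whose jail overlaps the Apache DocumentRoot. The thread names no FTP daemon; vsftpd and its chroot_local_user / chroot_list_enable options are assumed here, and the user names, paths and config contents are constructed.

```python
from pathlib import PurePosixPath

# Constructed vsftpd.conf; the thread names no FTP daemon, vsftpd is assumed.
SAMPLE_CONF = """\
write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
"""
# Constructed: contents of chroot_list_file, home directories, DocumentRoot.
SAMPLE_LIST = ["alice"]
SAMPLE_HOMES = {"alice": "/home/alice", "bob": "/home/bob", "web": "/var/www/html/web"}
SAMPLE_DOCROOT = "/var/www/html"

def parse_conf(text):
    """Parse option=value lines, skipping blanks and # comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def is_yes(opts, key):
    return opts.get(key, "NO").upper() in ("YES", "TRUE", "1")

def is_jailed(opts, user, listed):
    """With chroot_local_user=YES the chroot list names the users NOT jailed."""
    jail_by_default = is_yes(opts, "chroot_local_user")
    if is_yes(opts, "chroot_list_enable") and user in listed:
        return not jail_by_default  # listed users get the opposite of the default
    return jail_by_default

def overlaps(a, b):
    """True if one path equals or contains the other."""
    a, b = PurePosixPath(a), PurePosixPath(b)
    return a == b or a in b.parents or b in a.parents

def audit(conf_text, listed, homes, docroot):
    """Return (user, finding) pairs for unjailed users and web-writable jails."""
    opts = parse_conf(conf_text)
    findings = []
    for user, home in sorted(homes.items()):
        if not is_jailed(opts, user, listed):
            findings.append((user, "not chrooted"))
        elif is_yes(opts, "write_enable") and overlaps(home, docroot):
            findings.append((user, "jail overlaps DocumentRoot"))
    return findings
```

On the constructed sample, alice is reported because the chroot list exempts her from the jail, and web is reported because files uploaded into that jail land under the directory Apache serves.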

