Bugtraq mailing list archives
Re: wu-ftpd info.
From: smb () research att com (smb () research att com)
Date: Wed, 13 Apr 94 12:01:40 EDT
What are the dangers posed by someone gaining root access, as through a trojaned ftpd, in a _chrooted_ environment, assuming that the environment gets chrooted before there's any chance of compromise? Granted, you don't want strangers enabled to wreak havoc with your ftp heirarchy (and planting _more_ trojans), but what kind of threats can be posed to the rest of the system from such a toehold? The answer comes from observing that chroot() provides the process with a different file name space, but it does not isolate it from other attributes of the machine. For example, the machine's network identity remainds the same. How about this: ypcat passwd This will get the real passwd file -- with all that implies. The chroot area also shares the same bdevsw space; thus, root can do mknod ~ftp/sd0a b 7 0 or equivalent.
Current thread:
- wu-ftpd info. Christopher Klaus (Apr 12)
- Re: wu-ftpd info. Paul A Vixie (Apr 13)
- Re: wu-ftpd info. Paul Walmsley (Apr 13)
- <Possible follow-ups>
- Re: wu-ftpd info. Ken Hardy (Apr 13)
- Re: wu-ftpd info. jdd () cdf toronto edu (Apr 13)
- Re: wu-ftpd info. Paul A Vixie (Apr 13)
- Re: wu-ftpd info. Rob Quinn (Apr 13)
- Re: wu-ftpd info. Gene Spafford (Apr 13)
- Re: wu-ftpd info. Marc W. Mengel (Apr 13)
- Re: wu-ftpd info. Christopher Klaus (Apr 13)
- Re: wu-ftpd info. smb () research att com (Apr 13)
- Re: wu-ftpd info. William McVey (Apr 13)
- Re: wu-ftpd info. der Mouse (Apr 13)
- Re: wu-ftpd info. Paul A Vixie (Apr 13)