Bugtraq mailing list archives
Re: wu-ftpd info.
From: jdd () cdf toronto edu (jdd () cdf toronto edu)
Date: Wed, 13 Apr 1994 13:06:48 -0400
In message <9404131412.AA01024@racerx> you write:
What are the dangers posed by someone gaining root access, as through a trojaned ftpd, in a _chrooted_ environment, assuming that the environment gets chrooted before there's any chance of compromise?
Easy. Here's one way. Copy /bin/sh (from another machine, if necessary) to somewhere in the chrooted tree. Make it setuid root. Log in as another account (not chrooted), eg. guest (or a password-cracked account). Run the setuid /chrooted_tree/bin/sh. Bingo: root. John -- John DiMarco jdd () cdf toronto edu Computing Disciplines Facility Systems Manager jdd () cdf utoronto ca University of Toronto
Current thread:
- wu-ftpd info. Christopher Klaus (Apr 12)
- Re: wu-ftpd info. Paul A Vixie (Apr 13)
- Re: wu-ftpd info. Paul Walmsley (Apr 13)
- <Possible follow-ups>
- Re: wu-ftpd info. Ken Hardy (Apr 13)
- Re: wu-ftpd info. jdd () cdf toronto edu (Apr 13)
- Re: wu-ftpd info. Paul A Vixie (Apr 13)
- Re: wu-ftpd info. Rob Quinn (Apr 13)
- Re: wu-ftpd info. Gene Spafford (Apr 13)
- Re: wu-ftpd info. Marc W. Mengel (Apr 13)
- Re: wu-ftpd info. Christopher Klaus (Apr 13)
- Re: wu-ftpd info. smb () research att com (Apr 13)
- Re: wu-ftpd info. William McVey (Apr 13)
- Re: wu-ftpd info. der Mouse (Apr 13)
- Re: wu-ftpd info. Paul A Vixie (Apr 13)