Bugtraq mailing list archives
Re: wu-ftpd info.
From: paul () vix com (Paul A Vixie)
Date: Wed, 13 Apr 1994 10:55:49 -0700
What are the dangers posed by someone gaining root access, as through a trojaned ftpd, in a _chrooted_ environment, assuming that the environment gets chrooted before there's any chance of compromise? Granted, you don't want strangers enabled to wreak havoc with your ftp heirarchy (and planting _more_ trojans), but what kind of threats can be posed to the rest of the system from such a toehold?
well, one of the bugs that was fixed permitted (on rare systems, none of mine and none i know of) the root access before the chroot (!) happened. however, even after chrooting, if you didn't get chrooted to a device that is mounted "nosuid,nodev", you can either create setuid executables that other nonchrooted users can use, or you can make your own /dev entries (which, once you open them, aren't affected by chroot -- they should be!).
Current thread:
- wu-ftpd info. Christopher Klaus (Apr 12)
- Re: wu-ftpd info. Paul A Vixie (Apr 13)
- Re: wu-ftpd info. Paul Walmsley (Apr 13)
- <Possible follow-ups>
- Re: wu-ftpd info. Ken Hardy (Apr 13)
- Re: wu-ftpd info. jdd () cdf toronto edu (Apr 13)
- Re: wu-ftpd info. Paul A Vixie (Apr 13)
- Re: wu-ftpd info. Rob Quinn (Apr 13)
- Re: wu-ftpd info. Gene Spafford (Apr 13)
- Re: wu-ftpd info. Marc W. Mengel (Apr 13)
- Re: wu-ftpd info. Christopher Klaus (Apr 13)
- Re: wu-ftpd info. smb () research att com (Apr 13)
- Re: wu-ftpd info. William McVey (Apr 13)
- Re: wu-ftpd info. der Mouse (Apr 13)
- Re: wu-ftpd info. Paul A Vixie (Apr 13)