Bugtraq mailing list archives

Re: wu-ftpd info.

From: rjq () phys ksu edu (Rob Quinn)
Date: Wed, 13 Apr 1994 13:12:38 -0500 (CDT)

What are the dangers posed by someone gaining root access, as through a
trojaned ftpd, in a _chrooted_ environment, assuming that the environment
gets chrooted before there's any chance of compromise?  Granted, you
don't want strangers enabled to wreak havoc with your ftp heirarchy
(and planting _more_ trojans), but what kind of threats can be posed
to the rest of the system from such a toehold?


 Assuming they can put some program there and run it as root, they could get
access to things that aren't restricted in a chroot environment, like:
        privileged sockets on the local machine
        device file creation(?)
        create a setuid sh that a normal user (not chroot'ed) could use
        kill() any process (and then replace it) ie. telnetd or login.
 etc etc


-- 
| let's all be different                                                   |
| just like me                                                   Rob Quinn |
|                                                         rjq () phys ksu edu |
|                                                    QuinnBob@KSUVM.BITNET |

Current thread:

wu-ftpd info. Christopher Klaus (Apr 12)
- Re: wu-ftpd info. Paul A Vixie (Apr 13)
  - Re: wu-ftpd info. Paul Walmsley (Apr 13)
- <Possible follow-ups>
- Re: wu-ftpd info. Ken Hardy (Apr 13)
  - Re: wu-ftpd info. jdd () cdf toronto edu (Apr 13)
  - Re: wu-ftpd info. Paul A Vixie (Apr 13)
  - Re: wu-ftpd info. Rob Quinn (Apr 13)
  - Re: wu-ftpd info. Gene Spafford (Apr 13)
  - Re: wu-ftpd info. Marc W. Mengel (Apr 13)
    - Re: wu-ftpd info. Christopher Klaus (Apr 13)
- Re: wu-ftpd info. smb () research att com (Apr 13)
- Re: wu-ftpd info. William McVey (Apr 13)
- Re: wu-ftpd info. der Mouse (Apr 13)