Bugtraq mailing list archives

Re: Exploit for Linux wu.ftpd hole


From: wamcvey () fedex com (William McVey - wam)
Date: Fri, 7 Jul 1995 22:39:00 -0500


Marek Michalkiewicz wrote:
They are needed to create ftp-data sockets (privileged port number).
That's why ftpd runs (most of the time) with the effective uid of the
user who is logged in, but real uid 0 (so that it can get root privs
for a while, to create a socket).  But no external program (like ls,
gzip, tar, ...) needs to run as root - there should be something like
setgid(getegid()); setuid(geteuid()); between fork and exec in ftpd_popen.
This would prevent the slackware hole from giving root access.

Comments?

Binding to a privileged port is what inetd is good for.  Still no
reason for ftpd to be root other than to do a chroot.  After the chroot
(which should happen in the first few executed statements), ftpd
should drop to some other user, like "ftp."

 -- William
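An added example, not part of the original post and not wu-ftpd's code: the permanent drop discussed in this thread, done in the child between fork and exec, with a check that root cannot be regained afterwards. The names `drop_privs_permanently` and `demo_drop_in_child` and the id 65534 are assumptions made for illustration.

```c
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define DEMO_ID 65534 /* assumed unprivileged uid/gid, used only to simulate ftpd */

/* Call in the child between fork() and exec(). Returns 0 only if the
 * process is left with no way back to root. */
static int drop_privs_permanently(void)
{
    uid_t uid = geteuid();
    gid_t gid = getegid();

    /* With real uid 0 and a non-root effective uid, setuid() alone would
     * change only the effective uid. Regain root first so the calls below
     * set the real, effective and saved ids together. */
    if (getuid() == 0 && uid != 0 && seteuid(0) != 0)
        return -1;
    /* Group before user: setgid() needs the privilege setuid() gives up. */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    /* Fail closed if root can still be regained (covers the saved ids). */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    if (gid != 0 && (setgid(0) == 0 || setegid(0) == 0))
        return -1;
    return 0;
}

/* Hypothetical harness: when started as root, puts a child in the state the
 * thread describes (real uid 0, unprivileged effective uid), drops, and
 * returns the child's exit status (0 = drop verified). */
int demo_drop_in_child(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Not root, or the gid is unmapped in this sandbox: continue as-is. */
        if (geteuid() == 0 && setegid(DEMO_ID) == 0 && seteuid(DEMO_ID) != 0)
            _exit(2);
        /* A real ftpd_popen would exec the helper (ls, gzip, tar) after this. */
        _exit(drop_privs_permanently() == 0 ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

Supplementary groups are left untouched here; a daemon that set them at login would also need to reset them while it still holds root.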


