Bugtraq mailing list archives
Re: Exploit for Linux wu.ftpd hole
From: wamcvey () fedex com (William McVey - wam)
Date: Fri, 7 Jul 1995 22:39:00 -0500
Marek Michalkiewicz wrote:
They are needed to create ftp-data sockets (privileged port number). That's why ftpd runs (most of the time) with the effective uid of the user who is logged in, but real uid 0 (so that it can get root privs for a while, to create a socket). But no external program (like ls, gzip, tar, ...) needs to run as root - there should be something like setgid(getegid()); setuid(geteuid()); between fork and exec in ftpd_popen. This would prevent the slackware hole from giving root access. Comments?
Binding to a privileged port is what inetd is good for. Still no reason for ftpd to be root other than to do a chroot. After the chroot (which should happen in the first few executed statements), ftpd should drop to some other user, like "ftp." -- William
Current thread:
- ANNOUNCEMENT: Ssh (Secure Shell) remote login program, (continued)
- ANNOUNCEMENT: Ssh (Secure Shell) remote login program Kayvan Sylvan (Jul 18)
- HP bomb barded my email with it FAQ (fwd) Dr. Frederick B. Cohen (Jul 19)
- Re: HP bomb barded my email with it FAQ (fwd) Allen J. Newton (Jul 20)
- Re: Exploit for Linux wu.ftpd hole Stan Barber (Jul 05)
- Re: Exploit for Linux wu.ftpd hole John Adams (Jul 05)
- Re: Exploit for Linux wu.ftpd hole bt (Jul 05)
- Re: Exploit for Linux wu.ftpd hole Marek Michalkiewicz (Jul 06)
- Re: Exploit for Linux wu.ftpd hole Pete Shipley (Jul 05)
- Yggdrasil Linux (mis)configuration problem Paul Tony Watson (Jul 06)
- Re: Exploit for Linux wu.ftpd hole bt (Jul 05)
- Re: Exploit for Linux wu.ftpd hole der Mouse (Jul 06)
- Re: Exploit for Linux wu.ftpd hole William McVey - wam (Jul 07)
- Re: Exploit for Linux wu.ftpd hole Simon Burr (Jul 09)
- Re: Exploit for Linux wu.ftpd hole der Mouse (Jul 08)
- Re: Exploit for Linux wu.ftpd hole der Mouse (Jul 09)