Bugtraq mailing list archives
Re: Exploit for Linux wu.ftpd hole
From: simes () tcp co uk (Simon Burr)
Date: Sun, 9 Jul 1995 08:18:53 +0100
William McVey - wam said
Marek Michalkiewicz wrote:They are needed to create ftp-data sockets (privileged port number).Binding to a privileged port is what inetd is good for. Still no reason for ftpd to be root other than to do a chroot. After the chroot (which should happen in the first few executed statements), ftpd should drop to some other user, like "ftp."
Ftpd needs to be root so that it can allow access to real users, using a setuid() call. Also, since users have to log into the ftpd, some care has to be done when getting the strings from the socket. There is an interesting bit of info on the NCSA mailing lists about if a httpd should make itself a non-privileged user the moment it can. The info it is at http://union.ncsa.uiuc.edu/HyperNews/get/www/ncsa-httpd/1.4/requests/17.html -- Simon Burr (simes () tcp co uk) | http://www.tcp.co.uk/staff/simes/ Systems Manager and Programmer | Tel: (+44) 1703 393392 Total Connectivity Providers Ltd | Southampton, UK My opinions are just that, *mine*. My company would post them if it agreed postal://UK/SO16 3WR/Southampton/PO Box 454/TCP Ltd/
Current thread:
- HP bomb barded my email with it FAQ (fwd), (continued)
- HP bomb barded my email with it FAQ (fwd) Dr. Frederick B. Cohen (Jul 19)
- Re: HP bomb barded my email with it FAQ (fwd) Allen J. Newton (Jul 20)
- Re: Exploit for Linux wu.ftpd hole Stan Barber (Jul 05)
- Re: Exploit for Linux wu.ftpd hole John Adams (Jul 05)
- Re: Exploit for Linux wu.ftpd hole bt (Jul 05)
- Re: Exploit for Linux wu.ftpd hole Marek Michalkiewicz (Jul 06)
- Re: Exploit for Linux wu.ftpd hole Pete Shipley (Jul 05)
- Yggdrasil Linux (mis)configuration problem Paul Tony Watson (Jul 06)
- Re: Exploit for Linux wu.ftpd hole bt (Jul 05)
- Re: Exploit for Linux wu.ftpd hole der Mouse (Jul 06)
- Re: Exploit for Linux wu.ftpd hole William McVey - wam (Jul 07)
- Re: Exploit for Linux wu.ftpd hole Simon Burr (Jul 09)
- Re: Exploit for Linux wu.ftpd hole der Mouse (Jul 08)
- Re: Exploit for Linux wu.ftpd hole der Mouse (Jul 09)