Bugtraq mailing list archives
Re: Exploit for Linux wu.ftpd hole
From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Sat, 8 Jul 1995 22:24:34 -0400
[By the way, I keep seeing different addresses for bugtraq in headers. What's the correct current address?]
You have to run as root to setuid to the user, to open the log files, and to chroot (for anon) to the ftp dir.. of course after login, root privs are not really needed.They are needed to create ftp-data sockets (privileged port number).
True. And unfortunate. Personally, I think use of the default data port has outlived its usefulness, and would _almost_ be willing to put up an FTP daemon that permanently threw away all privilege soon after startup, and required use of PORT or PASV for data transfers. But quite aside from that, ftpd doesn't really need root access for its data port. Cheswick & Bellovin, in their (incidentally excellent) book, point out that this can be done with an auxiliary program, either a long-running daemon listening to a private well-known port, or a tiny setuid-root program execed by ftpd. (The former version requires an OS capable of passing file descriptors (aka "access rights") through sockets.) This program takes a socket bound to the ftp control port and returns a socket bound to the ftp data port. Hard to abuse (I'd say "impossible", but I know better than to make such blanket claims) and small enough to be trusted. Of course, the _real_ problem is that the privilege model used by UNIX (ie, all-or-nothing, root or normal user) is being used well outside its design environment, and the mismatch is showing. der Mouse mouse () collatz mcrcim mcgill edu
Current thread:
- Re: HP bomb barded my email with it FAQ (fwd), (continued)
- Re: HP bomb barded my email with it FAQ (fwd) Allen J. Newton (Jul 20)
- Re: Exploit for Linux wu.ftpd hole Stan Barber (Jul 05)
- Re: Exploit for Linux wu.ftpd hole John Adams (Jul 05)
- Re: Exploit for Linux wu.ftpd hole bt (Jul 05)
- Re: Exploit for Linux wu.ftpd hole Marek Michalkiewicz (Jul 06)
- Re: Exploit for Linux wu.ftpd hole Pete Shipley (Jul 05)
- Yggdrasil Linux (mis)configuration problem Paul Tony Watson (Jul 06)
- Re: Exploit for Linux wu.ftpd hole bt (Jul 05)
- Re: Exploit for Linux wu.ftpd hole der Mouse (Jul 06)
- Re: Exploit for Linux wu.ftpd hole William McVey - wam (Jul 07)
- Re: Exploit for Linux wu.ftpd hole Simon Burr (Jul 09)
- Re: Exploit for Linux wu.ftpd hole der Mouse (Jul 08)
- Re: Exploit for Linux wu.ftpd hole der Mouse (Jul 09)