Re: wu-ftpd info.

jdd@cdf.toronto.edu
Wed, 13 Apr 1994 13:06:48 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Perry E. Metzger: "Re: NFS exporting"
Previous message: Scott D. Yelich: "NFS exporting"
In reply to: Ken Hardy: "Re: wu-ftpd info."
Next in thread: Paul A Vixie: "Re: wu-ftpd info."

In message <9404131412.AA01024@racerx> you write:
>

>What are the dangers posed by someone gaining root access, as through
>a trojaned ftpd, in a _chrooted_ environment, assuming that the
>environment gets chrooted before there's any chance of compromise?

Easy. Here's one way. Copy /bin/sh (from another machine, if
necessary) to somewhere in the chrooted tree. Make it setuid root. Log
in as another account (not chrooted), eg. guest (or a password-cracked
account). Run the setuid /chrooted_tree/bin/sh. Bingo: root.

John
--
John DiMarco                                              jdd@cdf.toronto.edu
Computing Disciplines Facility Systems Manager            jdd@cdf.utoronto.ca
University of Toronto

Next message: Perry E. Metzger: "Re: NFS exporting"
Previous message: Scott D. Yelich: "NFS exporting"
In reply to: Ken Hardy: "Re: wu-ftpd info."
Next in thread: Paul A Vixie: "Re: wu-ftpd info."