> > > In <9404131412.AA01024@racerx> you write: > > What are the dangers posed by someone gaining root access, as through a > trojaned ftpd, in a _chrooted_ environment, assuming that the environment > gets chrooted before there's any chance of compromise? Granted, you > don't want strangers enabled to wreak havoc with your ftp heirarchy > (and planting _more_ trojans), but what kind of threats can be posed > to the rest of the system from such a toehold? > > > Quickest is to put a mknod and dump executable in the filetree, start > doing mknod's of block devices, have dump spew them back to your local > host where you can read any files you want with restore... > With everyone throwing in suggestions of how to exploit this situation, here's another: stick a nfs client program on the host and use it to mount the NFS system, or atleast grab the file handles, since your requests are coming from the 'trusted' machine, it should be no problem. -- Christopher William Klaus Email: cklaus@shadow.net Author:Inet Sec. Scanner 2209 Summit Place Drive,Dunwoody, GA 30350-2430. (404)998-5871.