Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)

Joerg Czeranski (joerg.czeranski@informatik.tu-clausthal.de)
Thu, 13 Jul 1995 18:09:08 +0200

> > Am I correct in stating that this problem only occurs on SVR4-based Unixes
> > [where /proc exists]?  Or would, say, SunOS 4.1.x be affected?
>
> This affects Linux's /proc, but may well be an issue with SVR4's /dev/fd
> directory.  While this doesn't exist by default on SunOS 4, there is a
> commonly available kernel driver to implement it.

As far as I can judge it, the SVR4 /dev/fd file system is not vulnerable
via ftpd.  I've checked it on Dec OSF/1 2.0, 3.2 and Solaris 2.4:
The /dev/fd/* are neither hard links nor symlinks but character pseudo
devices and ftpd won't open them ("/dev/fd/0: not a plain file").

joerg

--
Joerg Czeranski                 EMail czeranski@informatik.tu-clausthal.de
Osteroeder Strasse 55                 czeranski@rz.tu-clausthal.de
D 38678 Clausthal-Zellerfeld    WWW   http://www.in.tu-clausthal.de/~injc/
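
The "not a plain file" refusal described in the message above, sketched as an added example; this is not wu.ftpd source and not part of the original post. The helper name open_plain_file and its status codes are hypothetical; the check is done with fstat() on the opened descriptor so the type tested is the type of the object actually opened.

```c
/* Added example, not wu.ftpd code: hand out a descriptor only for plain files. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

enum plain_status { PLAIN_OK = 0, PLAIN_OPEN_FAILED, PLAIN_NOT_REGULAR };

/* Hypothetical helper: opens path read-only and stores the descriptor in
 * *fd_out only when the opened object is a regular file. */
enum plain_status open_plain_file(const char *path, int *fd_out)
{
    struct stat st;
    /* O_NONBLOCK keeps open() from hanging on FIFOs and some devices. */
    int fd = open(path, O_RDONLY | O_NONBLOCK);

    *fd_out = -1;
    if (fd < 0)
        return PLAIN_OPEN_FAILED;

    /* fstat() the descriptor, not the path: a swap of the path between
     * check and open cannot change the answer. A failed fstat() is
     * treated the same as a non-regular file and refused. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return PLAIN_NOT_REGULAR;
    }
    *fd_out = fd;
    return PLAIN_OK;
}

int main(int argc, char **argv)
{
    /* Report the decision for each path given on the command line. */
    for (int i = 1; i < argc; i++) {
        int fd;
        enum plain_status s = open_plain_file(argv[i], &fd);
        if (s == PLAIN_OK) {
            printf("%s: ok\n", argv[i]);
            close(fd);
        } else if (s == PLAIN_NOT_REGULAR) {
            printf("%s: not a plain file\n", argv[i]);
        } else {
            printf("%s: cannot open\n", argv[i]);
        }
    }
    return 0;
}
```

Many Linux /proc entries report themselves as regular files to stat, so a type check like this does not by itself cover the /proc case mentioned in the quoted text.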