Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)
From: marekm () i17linuxb ists pwr wroc pl (Marek Michalkiewicz)
Date: Wed, 12 Jul 1995 17:49:07 +0200


Henri Karrenbeld:
People with local ftp access can use the filedescriptors in /proc of
the iwu.)ftpd process (which is running under their euid) to read and append
to files to which they should not have access. This gives write permission
to /var/adm/wtmp and read access to /etc/shadow, if your ftpd is hacked

This is a known problem with Linux /proc.  Fixed in 1.2.11, introducing
a minor misfeature (ps shows ftpd always running as root).  I hope 1.2.12
(if, when) will fix it better.

1.2.11 makes everything in /proc/pid owned by root if real and effective
uid (or gid) of the process are different, or if the dumpable flag is
cleared (it is cleared for setuid and setgid programs).  This disallows
access to /proc/pid/fd.

Marek



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]