mailing list archives
Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)
From: marekm () i17linuxb ists pwr wroc pl (Marek Michalkiewicz)
Date: Wed, 12 Jul 1995 17:49:07 +0200
People with local ftp access can use the filedescriptors in /proc of
the iwu.)ftpd process (which is running under their euid) to read and append
to files to which they should not have access. This gives write permission
to /var/adm/wtmp and read access to /etc/shadow, if your ftpd is hacked
This is a known problem with Linux /proc. Fixed in 1.2.11, introducing
a minor misfeature (ps shows ftpd always running as root). I hope 1.2.12
(if, when) will fix it better.
1.2.11 makes everything in /proc/pid owned by root if real and effective
uid (or gid) of the process are different, or if the dumpable flag is
cleared (it is cleared for setuid and setgid programs). This disallows
access to /proc/pid/fd.