Bugtraq mailing list archives

Re: Exploit for Linux wu.ftpd hole

From: bt () cyberflunk com (bt)
Date: Wed, 5 Jul 1995 18:46:58 -0700


You have to run as root to setuid to the user, to open the log files,
and to chroot (for anon) to the ftp dir.. of course after login, root
privs are not really needed.

On Wed, 5 Jul 1995, John Adams wrote:

Ahh, but isn't wu-ftp supposed to be running as uid ftp?

where does the turnabout come in where ftpd runs as ROOT?

(I haven't been at the source yet, so I'm just throwing these
 questions out for discussion..)

-john

Current thread:

Re: SM 8.6.12, (continued)
- - - Re: SM 8.6.12 Mark A. Fullmer (Jul 13)
    - Re: SM 8.6.12 Eric Allman (Jul 16)
    - inetd probs Mark (Jul 17)
    - Re: SM 8.6.12 Pat The Friendly RedNeck (Jul 17)
    - Re: SM 8.6.12 System Administrator (Jul 18)
    - ANNOUNCEMENT: Ssh (Secure Shell) remote login program Kayvan Sylvan (Jul 18)
    - HP bomb barded my email with it FAQ (fwd) Dr. Frederick B. Cohen (Jul 19)
    - Re: HP bomb barded my email with it FAQ (fwd) Allen J. Newton (Jul 20)
- Re: Exploit for Linux wu.ftpd hole Stan Barber (Jul 05)
- Re: Exploit for Linux wu.ftpd hole John Adams (Jul 05)
  - Re: Exploit for Linux wu.ftpd hole bt (Jul 05)
    - Re: Exploit for Linux wu.ftpd hole Marek Michalkiewicz (Jul 06)
  - Re: Exploit for Linux wu.ftpd hole Pete Shipley (Jul 05)
  - Yggdrasil Linux (mis)configuration problem Paul Tony Watson (Jul 06)
- Re: Exploit for Linux wu.ftpd hole der Mouse (Jul 06)
- Re: Exploit for Linux wu.ftpd hole William McVey - wam (Jul 07)
  - Re: Exploit for Linux wu.ftpd hole Simon Burr (Jul 09)
- Re: Exploit for Linux wu.ftpd hole der Mouse (Jul 08)
- Re: Exploit for Linux wu.ftpd hole der Mouse (Jul 09)