Great Circle Associates Firewalls
(April 1994)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: FTP services --
From: Ken Hardy <ken @ bridge . com>
Date: Fri, 15 Apr 1994 12:01:42 -0500
To: firewalls @ greatcircle . com
Cc: mjr @ tis . com

mjr wrote:

>4: If you're on a Sun, make a copy of /dev/zero in ~ftp/dev and chown
>	it to root. Make sure it's readable.
...
>	If there is a hole in your ftpd that lets someone get "root"
>	access they can do you some damage even chrooted. It's just

Gack!  I was going to ask why /dev/zero, in case you wanted to have
ftpd chrooted to a partition mounted "nodev" (ignore device files), but
my Suns' man pages don't list that as a mount option!  I started a
thread on bugtraq about threats to be aware of from root in a chrooted
environment.  Being able to mknod devices whence to mount verbotten
filesystems is one obvious attack, not to mention /dev/kmem, etc.

Indexed By Date Previous: Re: probe_tcp_ports
From: Dorian Deane <dorian @ cobalt . house . gov>
Next: Re: FTP services --
From: Marcus J Ranum <mjr @ tis . com>
Indexed By Thread Previous: Re: FTP services --
From: Wolfram Schmidt <wschmidt @ iao . fhg . de>
Next: Re: FTP services --
From: Marcus J Ranum <mjr @ tis . com>

Google
 
Search Internet Search www.greatcircle.com