Date: Mon, 12 Dec 2011 00:52:46 +0000
From: Jamie Landeg Jones <jamie@bishopston.net>
To: gabor@zahemszky.hu, delphij@gmail.com
Cc: freebsd-security@freebsd.org
Subject: Re: ftpd security issue ?
Message-ID: <201112120052.pBC0qkov014205@catflap.bishopston.net>
In-Reply-To: <CAGMYy3vZ9CjuboiQsuGnYLZPpbAMMCQScsu9toXLpOyWAdAA3A@mail.gmail.com>
References: <4ED68B4D.4020004@sentex.net> <4ED69B7E.50505@frasunek.com>
    <4ED6C3C6.5030402@delphij.net> <4ED6D1CD.9080700@sentex.net>
    <4ED6D577.9010007@delphij.net> <4ED6DA75.30604@sentex.net>
    <4EE131B8.7040000@sentex.net> <c081e4612df771d59c1dc2870d99d7b9@zahemszky.hu>
    <CAGMYy3vZ9CjuboiQsuGnYLZPpbAMMCQScsu9toXLpOyWAdAA3A@mail.gmail.com>

> > Are the following steps enough to prevent me?
> >
> > # for user in user1 user2 .... ; do
> > mkdir -p ~$user/lib ~$user/usr/lib ~$user/etc
> > chflags sunlink,schg ~$user/lib ~$user/usr ~$user/usr/lib ~$user/etc
> > done
> > #
>
> Yes that should be sufficient workaround.

I'd modify that to also check that the directories don't already exist, and
delete/rename them if they do.

Currently, (if you ignore error messages) your script will not fix users who
already potentially exploit the issue.

Cheers, Jamie
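
The check suggested in the reply above, combined with the quoted workaround, as an added example (not code from the thread or from FreeBSD). The function names, the `.pre-lockdown` suffix and the `CHFLAGS` override are assumptions, and the function takes the user's home directory path as its argument.

```shell
#!/bin/sh
# Added example: run as root on FreeBSD, e.g.  lock_home /home/user1
# CHFLAGS is an assumed override hook so the logic can be dry-run elsewhere.
: "${CHFLAGS:=chflags}"

# quarantine PATH: rename an existing entry aside and print its new name,
# so an administrator can inspect what the user had placed there.
quarantine() {
    new="$1.pre-lockdown.$$"
    mv -- "$1" "$new" && echo "$new"
}

# lock_home HOME: move any pre-existing lib, usr/lib or etc out of the way,
# recreate them empty, then make them immutable and undeletable.
lock_home() {
    home=$1
    [ -d "$home" ] || { echo "no such home: $home" >&2; return 1; }

    # A symlink (or plain file) named usr would redirect usr/lib elsewhere.
    if [ -L "$home/usr" ] || { [ -e "$home/usr" ] && [ ! -d "$home/usr" ]; }; then
        quarantine "$home/usr" || return 1
    fi

    # -e misses dangling symlinks, so test -L as well.
    for d in lib usr/lib etc; do
        if [ -e "$home/$d" ] || [ -L "$home/$d" ]; then
            quarantine "$home/$d" || return 1
        fi
    done

    # Same steps as the quoted workaround, but stopping on the first error
    # instead of relying on someone reading the error messages.
    mkdir -p "$home/lib" "$home/usr/lib" "$home/etc" || return 1
    $CHFLAGS sunlink,schg "$home/lib" "$home/usr" "$home/usr/lib" "$home/etc"
}
```

Each path printed by `lock_home` is an entry that existed before the lockdown and was renamed rather than deleted, so it can be reviewed afterwards.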