From owner-freebsd-security@FreeBSD.ORG Mon Dec 12 00:52:48 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9F0271065678 for ; Mon, 12 Dec 2011 00:52:48 +0000 (UTC) (envelope-from jamie@bishopston.net) Received: from pacha.mail.bishopston.net (pacha.mail.bishopston.net [IPv6:2001:5c0:1100:200::3]) by mx1.freebsd.org (Postfix) with ESMTP id 4FC4F8FC08 for ; Mon, 12 Dec 2011 00:52:48 +0000 (UTC) X-Catflap-Envelope-From: X-Catflap-Envelope-To: freebsd-security@freebsd.org Received: from catflap.bishopston.net (smmsp@localhost [127.0.0.1]) by catflap.bishopston.net (8.14.5/8.14.4) with ESMTP id pBC0qldp014206; Mon, 12 Dec 2011 00:52:47 GMT (envelope-from jamie@catflap.bishopston.net) Received: (from root@localhost) by catflap.bishopston.net (8.14.5/8.12.9/Submit) id pBC0qkov014205; Mon, 12 Dec 2011 00:52:46 GMT From: Jamie Landeg Jones Message-Id: <201112120052.pBC0qkov014205@catflap.bishopston.net> Date: Mon, 12 Dec 2011 00:52:46 +0000 Organization: http://www.bishopston.com/jamie/ To: gabor@zahemszky.hu, delphij@gmail.com References: <4ED68B4D.4020004@sentex.net> <4ED69B7E.50505@frasunek.com> <4ED6C3C6.5030402@delphij.net> <4ED6D1CD.9080700@sentex.net> <4ED6D577.9010007@delphij.net> <4ED6DA75.30604@sentex.net> <4EE131B8.7040000@sentex.net> In-Reply-To: User-Agent: Heirloom mailx 12.4 7/29/08 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.2.7 (catflap.bishopston.net [127.0.0.1]); Mon, 12 Dec 2011 00:52:47 +0000 (GMT) X-Virus-Scanned: clamav-milter 0.97 at catflap.bishopston.net X-Virus-Status: Clean Cc: freebsd-security@freebsd.org Subject: Re: ftpd security issue ? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Dec 2011 00:52:48 -0000 > > Are the following steps enough to prevent me? > > > > # for user in user1 user2 .... ; do > > mkdir -p ~$user/lib ~$user/usr/lib ~$user/etc > > chflags sunlink,schg ~$user/lib ~$user/usr ~$user/usr/lib ~$user/etc > > done > > # > > Yes that should be sufficient workaround. I'd modify that to also check that the directories don't already exist, and delete/rename them if they do. Currently, (if you ignore error messages) your script will not fix users who already potentially exploit the issue. Cheers, Jamie From owner-freebsd-security@FreeBSD.ORG Mon Dec 12 10:24:10 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A4F82106564A for ; Mon, 12 Dec 2011 10:24:10 +0000 (UTC) (envelope-from egoitz@ramattack.net) Received: from ks200575.kimsufi.com (ks200575.kimsufi.com [91.121.111.71]) by mx1.freebsd.org (Postfix) with ESMTP id 663438FC0C for ; Mon, 12 Dec 2011 10:24:10 +0000 (UTC) Received: from [172.16.2.46] (izaro.sarenet.es [192.148.167.11]) by ks200575.kimsufi.com (Postfix) with ESMTPSA id E591CAFF1 for ; Mon, 12 Dec 2011 12:03:48 +0000 (UTC) Date: Mon, 12 Dec 2011 11:04:27 +0100 (CET) From: Egoitz Aurrekoetxea Aurre To: freebsd-security@freebsd.org In-Reply-To: <201112120052.pBC0qkov014205@catflap.bishopston.net> Message-ID: References: <4ED68B4D.4020004@sentex.net> <4ED69B7E.50505@frasunek.com> <4ED6C3C6.5030402@delphij.net> <4ED6D1CD.9080700@sentex.net> <4ED6D577.9010007@delphij.net> <4ED6DA75.30604@sentex.net> <4EE131B8.7040000@sentex.net> <201112120052.pBC0qkov014205@catflap.bishopston.net> User-Agent: Alpine 2.00 (OSX 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII Subject: Re: ftpd security issue ? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Dec 2011 10:24:10 -0000 Hi all, I'm using this temporary workaround with Proftpd. PathDenyFilter "(\\.so\\.|\\.so$)" Hope it helps, Bye!!