Date: Fri, 23 Dec 2011 11:46:40 -0600
From: Guy Helmer <guy.helmer@palisadesystems.com>
To: Stephen Montgomery-Smith <stephen@missouri.edu>
Cc: freebsd-stable@freebsd.org
Subject: Re: FLAME - security advisories on the 23rd ? uncool idea is uncool
Message-ID: <4F78A870-0F09-4B0D-B238-02FD7C50CAF4@palisadesystems.com>
In-Reply-To: <4EF4B982.3070207@missouri.edu>
References: <4EF4A75C.2040609@my.gd> <4EF4B2D6.5090206@sentex.net> <4EF4B982.3070207@missouri.edu>

On Dec 23, 2011, at 11:25 AM, Stephen Montgomery-Smith wrote:

> On 12/23/2011 10:56 AM, Mike Tancsa wrote:
>
>> Also, the chroot issue has been public for some time along with sample
>> exploits. Same with BIND which was fixed some time ago. Judgment call,
>> and I think they made the right call at least from my perspective.
>
> It is this chroot issue that bothers me. From my reading of the ftpd man page, if I have anonymous ftp to my server, it seems that I am using chroot with ftpd, and there is no way to stop this happening.
>
> Am I correct, or have I missed something? (I am hoping I missed something.)

I think that to exploit the ftpd chroot issue, the attacker must have the ability to create an /etc/nsswitch.conf (if it doesn't already exist), and then requires installing a malicious shared library file in the chroot /lib, /usr/lib, or /usr/local/lib directory. Local users who have chroot configured on their home directory for FTP access could probably exploit this.

If your anonymous FTP directories are set up correctly, in particular so that anonymous users have no write access, and if local users can't corrupt that configuration (such as by changing owners or permissions of directories in the anonymous chroot area), then I wouldn't expect this to be exploitable.

Still, I would install the update as soon as possible…

Guy
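
The conditions described in the message above can be checked on a server with a short audit script. This is an added example, not part of the original message or of FreeBSD; the chroot path and the trusted owner are assumptions supplied by the caller, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit an FTP chroot for the write conditions named in the
# message (etc/nsswitch.conf and the lib directories inside the chroot).
# Example call, with an assumed path: audit_ftp_chroot /var/ftp root

# Walk up from a path that may not exist yet to the existing directory
# that would have to be writable in order to create it.
nearest_existing() {
    p=$1
    while [ ! -e "$p" ]; do p=$(dirname "$p"); done
    printf '%s\n' "$p"
}

# Returns 0 when nothing is flagged, 1 on findings, 2 on a usage/find error.
audit_ftp_chroot() {
    root=$1 owner=${2:-root} findings=0
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    for rel in etc etc/nsswitch.conf lib usr/lib usr/local/lib; do
        target=$(nearest_existing "$root/$rel")
        # Flag group- or world-writable targets and unexpected owners.
        unsafe=$(find -H "$target" -prune \
            \( -perm -020 -o -perm -002 -o ! -user "$owner" \) -print) || return 2
        if [ -n "$unsafe" ]; then
            echo "UNSAFE $rel: $target is group/world-writable or not owned by $owner"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Run the audit when the script is given arguments.
if [ "$#" -gt 0 ]; then audit_ftp_chroot "$@"; fi
```

The check looks only at mode bits and ownership, so ACLs and per-user home directories used as FTP chroots need a separate review.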