On Dec 23, 2011, at 11:25 AM, Stephen Montgomery-Smith wrote:

> On 12/23/2011 10:56 AM, Mike Tancsa wrote:
> 
>> Also, the chroot issue has been public for some time along with sample
>> exploits. Same with BIND which was fixed some time ago.  Judgment call,
>> and I think they made the right call at least from my perspective.
> 
> It is this chroot issue that bothers me.  From my reading of the ftpd man 
> page, if I have anonymous ftp to my server, it seems that I am using chroot 
> with ftpd, and there is no way to stop this happening.
> 
> Am I correct, or have I missed something?  (I am hoping I missed something.)

I think that to exploit the ftpd chroot issue, the attacker must have the 
ability to create an /etc/nsswitch.conf (if it doesn't already exist), and then 
must install a malicious shared library file in the chroot /lib, 
/usr/lib, or /usr/local/lib directory. Local users who have chroot configured 
on their home directory for FTP access could probably exploit this.

If your anonymous FTP directories are set up correctly, in particular so that 
anonymous users have no write access, and if local users can't corrupt that 
configuration (such as by changing owners or permissions of directories in the 
anonymous chroot area), then I wouldn't expect this to be exploitable.

Still, I would install the update as soon as possible…

Guy
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
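
The conditions named in the reply above (write access that would allow creating etc/nsswitch.conf or placing a library under lib, usr/lib or usr/local/lib inside the chroot) can be checked on a given FTP tree. The following is an added example, not part of the original thread or of FreeBSD's tooling; the function name `audit_ftp_chroot`, its output labels and the default trusted owner `root` are assumptions.

```shell
#!/bin/sh
# Added example: audit an FTP chroot tree for write access that the reply
# above names as a precondition for the ftpd chroot issue.
# Usage: audit_ftp_chroot CHROOT_DIR [TRUSTED_OWNER]
# TRUSTED_OWNER defaults to root (assumption: the tree should be root-owned).
# Prints one finding per line; exit status 0 = clean, 1 = findings.
audit_ftp_chroot() (
    root=$1
    owner=${2:-root}
    rc=0

    # Print paths that are group/world-writable or not owned by $owner.
    # -H follows a symlink given on the command line (e.g. lib -> usr/lib).
    bad() {
        find -H "$@" \( -perm -0020 -o -perm -0002 -o ! -user "$owner" \) \
            -print 2>/dev/null
    }

    # 1. Directories leading to etc/ and the library directories. Write
    #    access to any of them allows creating or replacing what is below.
    #    "." denotes the chroot root itself.
    for rel in . etc lib usr usr/lib usr/local usr/local/lib; do
        [ -d "$root/$rel" ] || continue
        if [ -n "$(bad "$root/$rel" -prune)" ]; then
            echo "UNSAFE_DIR $rel"
            rc=1
        fi
    done

    # 2. An existing nsswitch.conf and existing library files must not be
    #    modifiable either. Findings are printed as full paths.
    for rel in etc/nsswitch.conf lib usr/lib usr/local/lib; do
        [ -e "$root/$rel" ] || continue
        files=$(bad "$root/$rel" ! -type d ! -type l)
        if [ -n "$files" ]; then
            echo "$files" | sed 's/^/UNSAFE_FILE /'
            rc=1
        fi
    done

    exit "$rc"
)
```

Run it as root against the anonymous FTP directory and against any home directory that ftpd chroots local users into; a home directory owned by its user will be reported, which matches the reply's point about local users.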
