[2153] in linux-security and linux-alert archive
[linux-security] Re: Redhat Linux 6.0 Problem
daemon@ATHENA.MIT.EDU (jlewis@lewis.org)
Mon May 10 10:15:59 1999
From: jlewis@lewis.org
Date: Sat, 8 May 1999 10:08:14 -0400 (EDT)
To: Rogier Wolff <R.E.Wolff@BitWizard.nl>
cc: lundberg@vr.net, lberdeja@2xtreme.net, wu-ftpd@wugate.wustl.edu,
bugs@redhat.com, linux-security@redhat.com
In-Reply-To: <199905080639.IAA00377@cave.BitWizard.nl>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

On Sat, 8 May 1999, Rogier Wolff wrote:

> I've done "dir patch*" to get a listing of all the patches at
> ftp.kernel.org.
>
> The "*" expansion is something a shell does. My guess is that they
> didn't want to duplicate the wildcard expansion into wu-ftpd.

Are you sure? On a Red Hat 5.2 system I just tested, wu-ftpd has no
problem with a command like "dir patch*" even after I did a "chmod 000 sh"

> Note that a shell doesn't have any special privileges. So, indeed for
> convenience, exploits regularly do 'exec ("/bin/sh")', but in fact

No...but it means if they find a buffer overflow, there's a nice /bin/sh
to exec in the chroot area. So far, I've found no compelling reason for
/home/ftp/bin/sh to exist.

----don't waste your cpu, crack rc5...www.distributed.net team enzo---
Jon Lewis *jlewis@lewis.org*| Spammers will be winnuked or
System Administrator | nestea'd...whatever it takes
Atlantic Net | to get the job done.
_________http://www.lewis.org/~jlewis/pgp for PGP public key__________
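
The concern raised in the message above, a shell left inside the anonymous FTP chroot area, can be checked for mechanically. The following is an added example, not part of the original message: the function names are hypothetical, and comparing files byte-for-byte against the shells listed in /etc/shells is an assumption of this example that only catches exact copies.

```shell
#!/bin/sh
# Added example, not from the original post: audit an anonymous-FTP chroot
# (e.g. /home/ftp) for shell binaries. Function names are hypothetical.
# File names containing newlines are not handled.

# scan_ftp_chroot ROOT [REFERENCE_SHELL ...]
# Prints one finding per line: "<reason> <path>".
scan_ftp_chroot() {
    root=$1; shift
    find "$root" -type f | while IFS= read -r f; do
        # Flag by name first, regardless of file mode (a mode-000 sh counts).
        case ${f##*/} in
            sh|ash|bash|csh|dash|ksh|tcsh|zsh)
                echo "shell-name $f"; continue ;;
        esac
        # A shell copied in under another name matches byte-for-byte.
        for ref in "$@"; do
            if [ -f "$ref" ] && cmp -s "$f" "$ref" 2>/dev/null; then
                echo "shell-copy $f"; break
            fi
        done
    done
}

# audit_ftp_chroot ROOT [REFERENCE_SHELL ...]
# Prints the findings; returns 0 if the tree is clean, 1 otherwise.
audit_ftp_chroot() {
    findings=$(scan_ftp_chroot "$@")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Script entry point: audit.sh ROOT [REFERENCE_SHELL ...]
# With no reference shells given, use the paths listed in /etc/shells.
if [ $# -gt 0 ]; then
    chroot_dir=$1; shift
    if [ $# -eq 0 ] && [ -r /etc/shells ]; then
        set -- $(grep '^/' /etc/shells)
    fi
    audit_ftp_chroot "$chroot_dir" "$@"
fi
```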