[369] in RedHat Linux List
Re: possibly serious security hole in colgate -- anonftp
daemon@ATHENA.MIT.EDU (Erik Troan)
Tue Oct 22 10:34:49 1996
Date: Tue, 22 Oct 1996 10:31:01 -0400 (EDT)
From: Erik Troan <ewt@redhat.com>
To: redhat-list@redhat.com
In-Reply-To: <Pine.LNX.3.95.961021234744.3235A-100000@karpes.stu.rpi.edu>
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
On Mon, 21 Oct 1996, Simon Karpen wrote:
> The directory /home/ftp is writable by the user ftp, which allows a user
> at any site to obtain a copy of any world readable file on the machine,
> including /etc/passwd (only significant if you are not using shadow),
> among others.
>
> The shared libraries in ~ftp/lib are also writable by the user ftp. This
> allows for serious security problems, as these shared libraries could be
> overwritten with "interesting" stuff.
These are certainly major problems, but they don't seem to actually exist.
% rpm -qlvp /mnt/intel/RedHat/RPMS/anonftp-2.3-1.i386.rpm
drwxr-xr-x- root root 1024 Aug 27 15:23 /home/ftp
d--x--x--x- root root 1024 Aug 27 15:23 /home/ftp/bin
---x--x--x- root root 14860 Aug 14 11:58 /home/ftp/bin/compress
---x--x--x- root root 292160 Aug 27 10:17 /home/ftp/bin/cpio
---x--x--x- root root 45056 Aug 19 16:14 /home/ftp/bin/gzip
---x--x--x- root root 36792 Aug 19 16:33 /home/ftp/bin/ls
lrwxrwxrwx- root root 4 Aug 27 15:23 /home/ftp/bin/sh -> bash
---x--x--x- root root 77592 Aug 09 18:45 /home/ftp/bin/tar
lrwxrwxrwx- root root 4 Aug 27 15:23 /home/ftp/bin/zcat -> gzip
crw-rw-r--- root root 1, 5 Nov 19 15:17 /home/ftp/dev/zero
d--x--x--x- root root 1024 Aug 27 15:23 /home/ftp/etc
-r--r--r--- root root 53 Aug 27 15:23 /home/ftp/etc/group
-r--r--r--- root root 3333 Aug 27 14:55 /home/ftp/etc/ld.so.cache
-r--r--r--- root root 79 Aug 27 15:23 /home/ftp/etc/passwd
drwxr-xr-x- root root 1024 Aug 27 15:23 /home/ftp/lib
-rwxr-xr-x- root root 21367 Aug 26 11:38 /home/ftp/lib/ld-linux.so.1
-rwxr-xr-x- root root 21367 Aug 26 11:38 /home/ftp/lib/ld-linux.so.1.7.14
-rwxr-xr-x- root root 24580 Aug 26 11:38 /home/ftp/lib/ld.so
-rwxr-xr-x- root root 24580 Aug 26 11:38 /home/ftp/lib/ld.so.1.7.14
lrwxrwxrwx- root root 14 Aug 27 15:23 /home/ftp/lib/libc.so.5 -> libc.so.5.3.12
-rwxr-xr-x- root root 694041 Jul 11 15:03 /home/ftp/lib/libc.so.5.3.12
lrwxrwxrwx- root root 19 Aug 27 15:23 /home/ftp/lib/libtermcap.so.2 -> libtermcap.so.2.0.8
-rwxr-xr-x- bin bin 11925 Aug 09 15:44 /home/ftp/lib/libtermcap.so.2.0.8
dr-xr-sr-x- root ftp 1024 Aug 27 15:23 /home/ftp/pub
I've also checked these permissions on a freshly installed machine to ensure
they are right.
Does anyone else see these problems? Simon, does "rpm -V anonftp" show
any irregularities?
Erik
-------------------------------------------------------------------------------
Always hoped that I'd be an apostle. Knew that I would make it if I tried.
Then when we retire we can write the gospels so they'll all talk about
us when we've died. - "The Last Supper" from Jesus Christ Superstar
| Erik Troan = http://sunsite.unc.edu/ewt/ = ewt@sunsite.unc.edu |
--
PLEASE read the Red Hat FAQ, Tips, HOWTO and the MAILING LIST ARCHIVES!
________________________________________________________________________
http://www.redhat.com/RedHat-FAQ http://www.redhat.com/RedHat-HOWTO
http://www.redhat.com/RedHat-Tips http://www.redhat.com/mailing-lists
------------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe redhat-list-request@redhat.com < /dev/null
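An added example, not part of the original message or of the anonftp package: a POSIX shell check for the condition Simon describes, listing every entry under the FTP area that the ftp account could modify (owned by ftp and owner-writable, group ftp and group-writable, or world-writable). The root path and the user/group names are parameters; the defaults /home/ftp, ftp and ftp are assumed from the listing above.

```shell
#!/bin/sh
# audit_anonftp ROOT [USER] [GROUP]
# Prints every path under ROOT that the anonymous-FTP account could write to.
# A correct anonftp tree (root-owned, no write bits for ftp) prints nothing.
# Symlinks are skipped: they always show lrwxrwxrwx and would be false positives,
# as with ~ftp/bin/sh -> bash and ~ftp/lib/libc.so.5 in the listing above.
audit_anonftp() {
    root=$1
    user=${2:-ftp}     # assumed default: the anonymous account name
    group=${3:-ftp}    # assumed default: its group (cf. dr-xr-sr-x root ftp pub)
    # -perm -0200: owner write bit; -0020: group write bit; -0002: other write bit
    find "$root" ! -type l \( \
        \( -user "$user" -perm -0200 \) -o \
        \( -group "$group" -perm -0020 \) -o \
        -perm -0002 \)
}

# Convenience wrapper returning 0 when the tree is clean, 1 otherwise.
anonftp_is_clean() {
    [ -z "$(audit_anonftp "$@")" ]
}
```

On the system in question, `rpm -V anonftp` (as Erik suggests) cross-checks the same modes and owners against what the package installed, which catches a change made after installation.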