[1987] in bugtraq
Re: Exploit for Linux wu.ftpd hole
daemon@ATHENA.MIT.EDU (bt)
Wed Jul 5 22:04:35 1995
Date: Wed, 5 Jul 1995 18:46:58 -0700
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: bt <bt@cyberflunk.com>
X-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: <199507052328.SAA07635@prophet.concorde.com>
You have to run as root to setuid to the user, to open the log files,
and to chroot (for anon) to the ftp dir.. of course after login, root
privs are not really needed.
On Wed, 5 Jul 1995, John Adams wrote:
> Ahh, but isn't wu-ftp supposed to be running as uid ftp?
>
> where does the turnabout come in where ftpd runs as ROOT?
>
> (I haven't been at the source yet, so I'm just throwing these
> questions out for discussion..)
>
> -john
>
