[2039] in bugtraq
Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)
daemon@ATHENA.MIT.EDU (Casper Dik)
Thu Jul 13 13:13:33 1995
Date: Thu, 13 Jul 1995 10:18:29 +0200
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Casper Dik <casper@Holland.Sun.COM>
X-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: Your message of "Wed, 12 Jul 1995 12:49:05 EDT."
<9507121959.AA1119@worldcom-18.worldcom.com>
>Am I correct in stating that this problem only occurs on SVR4 based unix's
>[where /proc exists]? Or would, say, SunOS 4.1.x be affected?
It does not occur on SVR4 based Unixes. It occurs only on Linux /pro
implementation.
The SVR4 /proc implemntations only have one file for each process
in /proc. You're not allowed to access that file unless you're root
or your privs are a superset of that process' privs.
Since ftpd runs with a real-uid of root, you cannot access the /proc
entry of your own ftpd.
Casper
