The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #298 [Re: revised tftpd writeup] (1 message, 655 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/298.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: John Robert LoVerso <loverso@xenna>
To: phage
Date: Fri 11:50:12 25/11/1988 EST
Subject: Re: revised tftpd writeup
References: [Thread Prev: 296] [Thread Next: 299] [Message Prev: 294] [Message Next: 299]

> 		"A fourth alternative is to hack tftp to do a chroot call, and
> 		 put the (limited) set of files you allow to be copied in the
> 		 restricted directory.  This is similar to the technique used
> 		 with ftp.  It too requires source code.

Its not necessary to hack tftpd at all.  Just write a small setuid root
program called "chroot".  It chdir()s and chroot()s to its first argument,
setuid()s to the invoker's real uid, and then exec()s the program given by
the remaining arguments.

With that, copy /etc/tftpd to ~ftp/bin (make it mode 111) and change your
inetd.conf to read:

# a more "secure" tftp using the anonymous ftp area
tftp	dgram	udp	nowait	nobody	/usr/local/bin/chroot	chroot /usr/spool/ftp /bin/tftpd

John R LoVerso, Encore Computer Corp

END OF DOCUMENT