The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #299 [Re: revised tftpd writeup] (1 message, 497 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/299.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: "Matt Crawford" <matt@oddjob.uchicago.edu>
To: phage
Date: Fri 12:37:11 25/11/1988 EST
Subject: Re: revised tftpd writeup
References: [Thread Prev: 298] [Thread Next: 303] [Message Prev: 298] [Message Next: 305]

>> Its not necessary to hack tftpd at all.  Just write a small setuid root
>> program called "chroot".  It chdir()s and chroot()s to its first argument,
>> setuid()s to the invoker's real uid, and then exec()s the program given by
>> the remaining arguments.

Don't make such a chroot program publicly executable, or it can
*still* be used to break in.  Remember, there's a reason that the
chroot() syscall is restricted to the superuser.

			Matt

END OF DOCUMENT