The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #303 [Re: revised tftpd writeup] (1 message, 667 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/303.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: David Herron E-Mail Hack <david@ms.uky.edu>
To: phage
Date: Sun 22:21:58 27/11/1988 EST
Subject: Re: revised tftpd writeup
References: [Thread Prev: 299] [Thread Next: 305] [Message Prev: 302] [Message Next: 304]

Ok, using programs we have on our system here's what *I* would do,
and *do* do in certain circumstances

	tftp tcp/?? ... root ... <path>/chroot /u/tftp <path>/setuid tftp ...

That is, the tftp service starts up as root, so that it can run
chroot and chroot over to the safe area.  Then we have this program
called "setuid" which setuid()'s over to the first argument and
runs the command on the rest of the command line.  We have a matching
program called setgid which has it's uses as well.

None of those programs are installed with setuid, because it's an
obvious security hole.
--
<-- David Herron; an MMDF guy                              <david@ms.uky.edu>
<-- ska: David le casse\*'      {rutgers,uunet}!ukma!david, david@UKMA.BITNET
<--
<-- Controlled anarchy -- the essence of the net.

END OF DOCUMENT