Re: Redhat Linux 6.0 Problem
- From: R E Wolff BitWizard nl (Rogier Wolff)
- To: jlewis lewis org
- Cc: lundberg vr net, lberdeja 2xtreme net, wu-ftpd wugate wustl edu, bugs redhat com, linux-security redhat com
- Subject: Re: Redhat Linux 6.0 Problem
- Date: Sat, 8 May 1999 08:39:12 +0200 (MEST)
jlewis lewis org wrote:
> I just noticed another really weird thing. For some reason the anonftp
> package on Red Hat (at least 5.2 and 6.0) that includes the libs and bins
> needed for wu-ftpd to work for anonymous FTP includes what seems to be a
> copy of /bin/ash as /home/ftp/bin/sh. Why the heck would they include a
> Bourne shell in the anon bin directory?

I've done "dir patch*" to get a listing of all the patches at
ftp.kernel.org.

The "*" expansion is something a shell does. My guess is that they
didn't want to duplicate the wildcard expansion into wu-ftpd.

Note that a shell doesn't have any special privileges. So, indeed for
convenience, exploits regularly do 'exec ("/bin/sh")', but in fact

    while (1) {
        read (0, buf, 1024);
        if (fork ()) exit (exec (buf));
        wait (...);
    }

is a simple shell-substitute, and short enough to be carried in an
exploit of a few hundred bytes.

Regards,
Roger Wolff.
--
** R E Wolff BitWizard nl ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
------ Microsoft SELLS you Windows, Linux GIVES you the whole house ------
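
Added example, not part of the original message and not wu-ftpd's own code: the wildcard expansion discussed above can be done inside a server process with POSIX glob(3), so that a listing such as "dir patch*" does not depend on a shell binary being present in the anonymous FTP tree. The function names, the temporary directory and the sample file names are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <glob.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Expand pattern inside dir without a shell: print the names and return the
 * match count, 0 for no match, -1 on error. Assumes dir itself contains no
 * glob metacharacters. */
int list_matches(const char *dir, const char *pattern)
{
    char path[4096];
    glob_t g = {0};

    if (strchr(pattern, '/'))            /* client pattern must stay in dir */
        return -1;
    if (snprintf(path, sizeof path, "%s/%s", dir, pattern) >= (int)sizeof path)
        return -1;
    int rc = glob(path, GLOB_ERR, NULL, &g);
    int n = rc == 0 ? (int)g.gl_pathc : (rc == GLOB_NOMATCH ? 0 : -1);
    for (int i = 0; i < n; i++)
        puts(g.gl_pathv[i] + strlen(dir) + 1);
    globfree(&g);
    return n;
}

/* Constructed sample directory: two patch files and one unrelated file. */
int demo(const char *pattern)
{
    char dir[] = "/tmp/globdemoXXXXXX", path[128];
    const char *names[] = { "patch-2.2.7.gz", "patch-2.2.8.gz", "README" };

    if (mkdtemp(dir) == NULL)
        return -1;
    for (int i = 0; i < 3; i++) {
        snprintf(path, sizeof path, "%s/%s", dir, names[i]);
        close(open(path, O_CREAT | O_WRONLY, 0600));
    }
    int n = list_matches(dir, pattern);
    for (int i = 0; i < 3; i++) {
        snprintf(path, sizeof path, "%s/%s", dir, names[i]);
        unlink(path);
    }
    rmdir(dir);
    return n;
}

int main(void) { return demo("patch*") == 2 ? 0 : 1; }
```

Rejecting patterns that contain a "/" keeps a client-supplied pattern from naming anything outside the directory being listed.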