[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: about chroot wu-ftpd; was->Re: Re: the port 41430?I was cracked :-(
- From: "Greg Wright" <k5tsrytx001 sneakemail com>
- To: redhat-list redhat com
- Subject: Re: about chroot wu-ftpd; was->Re: Re: the port 41430?I was cracked :-(
- Date: Sun Jun 2 09:00:01 2002
*********** REPLY SEPARATOR ***********
On 2/06/2002 at 1:18 PM Lewi ichtus mbone petra ac id
[gregausit/redhat-list] wrote:
>talking about wu-ftpd, I know that anonymous user in wuftpd release by
>red hat using chroot env,
>is this meant that, even I ran wu-ftpd in chroot, still can't protect your
>system.
>
>so what the chroot really used for??
>I have read Securing Red Hat by Gerhard, in his book he still using
>wu-ftpd in chroot environment
>
>need for explanation, please
>I'm really confusing :(
>
I setup wu years back to run users chrooted, I am not sure what is in 7.3,
but chrooting for wu is usually related to the user or group being chrooted
or jailed so they cannot leave a directory, it does not offer any
protection from say a known buffer overload.
If the wu daemon is run as a non priveledged user and chrooted, then this
would be a setup that offers security for the system and not for protection
agains users browsing to a directory where they could read your secret
files....
Hope that clarifies the basics or principle idea.
Regards
Greg Wright
--
IT Consultant Sydney Australia PH 0418 292020 -- Int. +61 418 292020
Available for Global Contracts US Fax -- 801 740 2874
Web http://www.ausit.com E-mail Greg AT AusIT.com
Trading As - AAA Computers -- providers of IT services.
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]