On 11/30/2011 8:16 PM, Xin LI wrote: > On 11/30/11 17:01, Mike Tancsa wrote: >> On 11/30/2011 7:01 PM, Xin LI wrote: >>> >>>> BTW. This vulnerability affects only configurations, where >>>> /etc/ftpchroot exists or anonymous user is allowed to create >>>> files inside etc and lib dirs. >>> >>> This doesn't seem to be typical configuration or no? > >> I think in shared hosting environments it would be somewhat common. >> For annon ftp, I dont think the anon user would be able to create / >> write to a lib directory. > >>> >>> Will the attached patch fix the problem? >>> >>> (I think libc should just refuse /etc/nsswitch.conf and libraries >>> if they are writable by others by the way) > >> It does not seem to prevent the issue for me. Using Przemyslaw >> program's, > > Sorry I patched at the wrong place, this one should do. > > Note however this is not sufficient to fix the problem, for instance > one can still upload .so's that run arbitrary code at his privilege, > which has to be addressed in libc. I need some time to play around > with libc to really fix this one. Forgive the naive question, but is there a way to prevent a process (in this case proftpd) from loading a .so if the session is in a chrooted environment ? Or if at the start of the process, is there a way to force the process to load a lib so that later on, it wont try and load the "bad" lib ? ---Mike -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"