Re: ftpd security issue ?
On 11/30/2011 8:16 PM, Xin LI wrote:
>
> Sorry I patched at the wrong place, this one should do.
>
> Note however this is not sufficient to fix the problem, for instance
> one can still upload .so's that run arbitrary code at his privilege,
> which has to be addressed in libc. I need some time to play around
> with libc to really fix this one.
Hi,
Yes, that looks better! With respect to users uploading .so files, I
guess why not just upload executables directly ? Although I suppose if
they are not allowed to execute anything, this would be a way around that.
Now to prod the proftpd folks
---Mike
--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 5 之 18 篇):