ftpd loop hole ?

From: Julian Stacey (jhs_at_berklix.org)
Date: 02/25/04

    Date: Wed, 25 Feb 2004 04:58:35 +0100 (CET)
    To: freebsd-isp@freebsd.org, jhs@berklix.com

    Hi freebsd-isp@ people, CC np@bsn.com, ewinter@ewinter.org

    Has anyone else seen an exploit of standard ftpd on 4.9-RELEASE ?

    Some bandwidth thief uploaded videos to my ~ftp/ for bootleggers to download.

    How to stop a repeat occurrence ? There are very few people who have
    logins on this machine, & I trust the people, & most of them aren't even
    competent to achieve an intrusion. It was probably not an inside job.

    This was my 4.9 config:

    /etc/master.passwd
            ftp:*:14:5::0:0:Anonymous FTP tower.berklix:/usr1/ftp:/sbin/nologin

    ~ftp/passwd (not sure if file needed ?)
            #
            root:*:0:0:Charlie &:/root:/bin/csh
            toor:*:0:0:Bourne-again Superuser:/root:
            daemon:*:1:1:Owner of many system processes:/root:/sbin/nologin
            operator:*:2:5:System &:/:/sbin/nologin
            bin:*:3:7:Binaries Commands and Source,,,:/:/sbin/nologin
            tty:*:4:65533:Tty Sandbox:/:/sbin/nologin
            kmem:*:5:65533:KMem Sandbox:/:/sbin/nologin
            games:*:7:13:Games pseudo-user:/usr/games:/sbin/nologin
            news:*:8:8:News Subsystem:/:/sbin/nologin
            man:*:9:9:Mister Man Pages:/usr/share/man:/sbin/nologin
            ftp:*:14:5:Anonymous FTP Admin:/var/ftp:/nonexistent
    last changed to
            ftp:*:14:5:Anonymous FTP Admin:/var/ftp:/sbin/nologin

    /etc/ftpusers
            did not contain a line "ftp" (neither does /usr/src/etc/ftpusers)
            mine does now - my idea now is to split the ftpd functionality:
                    - Try harder to block anon ftp writes to this machine
                      (only allow local users to ftp upload
                      ( & maybe to an mdconfig'd mini FS of just 50M or so))
                    - later run a read only anon ftpd on another machine.

    /etc/inetd.conf
            ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l -l
            telnet stream tcp nowait root /usr/libexec/telnetd telnetd
            shell stream tcp nowait root /usr/libexec/rshd rshd
            login stream tcp nowait root /usr/libexec/rlogind rlogind
            ntalk dgram udp wait tty:tty /usr/libexec/ntalkd ntalkd
            tftp dgram udp wait nobody /usr/libexec/tftpd tftpd -l /pub/tftp/ncd /pub/bootp /usr/X11R6/lib/X11/fonts
            finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
       I didn't have -r on ftpd because a few people on that host have genuine
       stuff to upload occasionally.

    The telnet shell login are there for emergencies & the use of a
    couple of clueless MS users, but people with root privs use ssh
    (unless maybe on same local ethernet segment, during rescue/ upgrade periods)

    /etc/hosts.equiv
            Potential loophole to IP spoofing, so I've stripped it of
            names, & will go to ssh/shosts.equiv

    /usr/local/etc/rc.d has:
            apache.sh*
            apache.sh-dist
            cyrus_pwcheck.sh*
            cyrus_sasl1*
            saslauthd1.sh*

    I haven't enabled apache for data upload, just download (& not from ftp area)

    From man ftpd I can see & have added:
     -M Prevent anonymous users from creating directories.

    ~ftp was UID=ftp, 755, is now uid=0 555 (per man ftpd)
    ~ftp/etc & ~ftp/pub similarly checked/fixed

    Anything else I've missed ?
    Would I be better using some other ftpd from ports/ rather than /usr/src ?

    -
    Julian Stacey. Unix C & Net Services Consultant - Munich. http://berklix.com
            Mail me in Ascii text/plain: Html + Mime is dumped as Spam.
      Schnupftabak probieren: Ihr Rauchen = mein allergischer Kopfschmerz !
      Software patents ? vampires would approve ! http://berklix.com/patents/
    _______________________________________________
    freebsd-isp@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
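The following audit script is an added example, not the poster's own config or code. It checks the hardening points raised in the message above the way a practitioner would before re-enabling the service: ~ftp (and ~ftp/etc, ~ftp/pub) owned by root and not group/world writable as ftpd(8) recommends, an "ftp" entry in /etc/ftpusers, and the -M and -r flags on the ftpd line in inetd.conf. The function names, the temporary directory layout and the sample ftpusers/inetd.conf lines are assumptions constructed for illustration; on a real 4.x host point it at /usr1/ftp, /etc/ftpusers and /etc/inetd.conf.

```shell
#!/bin/sh
# Added example: audit the anonymous-FTP hardening points discussed in the
# post.  Helper names and sample paths are assumptions, not FreeBSD's own.

# True if DIR is writable by group or others (ftpd(8) wants ~ftp at mode 555).
dir_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# True if DIR is not owned by uid 0 (ftpd(8) wants ~ftp owned by root,
# not by the ftp account, so anonymous users can never chmod it).
dir_not_root_owned() {
    [ -z "$(find "$1" -prune -user 0 -print)" ]
}

# True if FTPUSERS lacks a line naming the "ftp" account.  ftpd(8) refuses
# logins for names listed there; the stock file does not list ftp.
ftp_not_in_ftpusers() {
    ! grep -q '^ftp[[:space:]]*$' "$1"
}

# True if the ftpd line in INETD_CONF (one starting with "ftp ") does not
# carry FLAG, e.g. -M (no anonymous mkdir) or -r (read-only server).
ftpd_lacks_flag() {
    ! grep -E '^ftp[[:space:]]' "$1" | grep -Eq "(^|[[:space:]])$2([[:space:]]|$)"
}

# Run every check against FTPROOT FTPUSERS INETD_CONF.  Prints one line per
# finding and returns the number of findings, so 0 means nothing to fix.
audit_anon_ftp() {
    root=$1; users=$2; inetd=$3; n=0
    if dir_not_root_owned "$root"; then
        echo "$root: not owned by root"; n=$((n + 1))
    fi
    if dir_writable "$root"; then
        echo "$root: writable by group/other (want 555)"; n=$((n + 1))
    fi
    for sub in etc pub; do
        if [ -d "$root/$sub" ] && dir_writable "$root/$sub"; then
            echo "$root/$sub: writable by group/other"; n=$((n + 1))
        fi
    done
    if ftp_not_in_ftpusers "$users"; then
        echo "$users: no 'ftp' entry, anonymous logins still allowed"; n=$((n + 1))
    fi
    for flag in -M -r; do
        if ftpd_lacks_flag "$inetd" "$flag"; then
            echo "$inetd: ftpd started without $flag"; n=$((n + 1))
        fi
    done
    return $n
}

# Stand-alone use:  sh audit_ftp.sh /usr1/ftp /etc/ftpusers /etc/inetd.conf
if [ "$#" -eq 3 ]; then
    audit_anon_ftp "$@"
fi
```

Note that -r makes the whole server read-only, which is exactly the trade-off the post describes: if local users must still upload, the finding for -r is the one to accept deliberately rather than fix, and the upload area is then better kept off the anonymous tree (or on a small mdconfig'd filesystem) so that -M and the root-owned, mode 555 ~ftp do the work for the anonymous side.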

