On Sun, 21 Feb 1999, Chris Wedgwood wrote:
> > I think I will probably write it again, since I don't I have it saved
> > somewhere. There's nothing fascinating actually. This seem to be a heap
> > buffer overflow, which smashes pointers to the dirnames (thus you could
> > probably get access to files outsite chrooted envinronment):
>
> Could someone please clue me in on how this might be so, assuming
> *ftpd correctly chroot's itself then relinquishes permissions?
There is a claim in the description of that hole, that wu-ftpd doesn't
relinquish permissions properly, changing the uid "temporarily". I assume,
it means that saved uid is not changed at that point, however I
haven't checked in the source, if this is true.
--
Alex
----------------------------------------------------------------------
Excellent.. now give users the option to cut your hair you hippie!
-- Anonymous Coward
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:36:45 PDT