On Sun, 21 Feb 1999, Chris Wedgwood wrote: > > I think I will probably write it again, since I don't I have it saved > > somewhere. There's nothing fascinating actually. This seem to be a heap > > buffer overflow, which smashes pointers to the dirnames (thus you could > > probably get access to files outsite chrooted envinronment): > > Could someone please clue me in on how this might be so, assuming > *ftpd correctly chroot's itself then relinquishes permissions? There is a claim in the description of that hole, that wu-ftpd doesn't relinquish permissions properly, changing the uid "temporarily". I assume, it means that saved uid is not changed at that point, however I haven't checked in the source, if this is true. -- Alex ---------------------------------------------------------------------- Excellent.. now give users the option to cut your hair you hippie! -- Anonymous Coward
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:36:45 PDT