From: Paul Szabo <psz@maths.usyd.edu.au.>
Date: Wed, 21 Feb 2007 10:24:32 +1100
To: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: /bin/ls with gid=0 in Debian linux-ftpd
X-Virus-Scanned: antivirus-gw at tyumen.ru
Mea culpa. A stupid little bug crept into linux-ftpd for Debian, and
some other Linux distros. Some may have fixed it, but Debian hasn't.
The effect is that ftpd now runs /bin/ls (for DIR and similar commands)
with GID=0. Does not seem terribly dangerous as I do not seem able to
trick ls into running anything, nor are there any interesting objects
thusly accessible. Would become a "root hole" if someone finds a way
to execute anything from /bin/ls (as started from ftpd).
Please see
http://bugs.debian.org/384454
for details.
Cheers,
Paul Szabo psz@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
