Re: SFTP chroot: Writable root

On Fri, 2018-01-05 at 21:42 +1030, David Newall wrote:
> On 05/01/18 20:06, Jakub Jelen wrote:
> > if the confined user has write access to the chroot directory,
> > there are ways how to get out, gain privileges and/or do other
> > nasty things.
> 
> I'm not inexperienced with UNIX and unix-like operating systems (30+ 
> years), and I can't think what these ways are.  Although clearly 
> off-topic, I wonder if you could expound on this?

I am not experienced enough to be able to demonstrate all of the cases,
but there might be others who are.

But clearly, the description of CVE-2009-2904 [1] talks about an
attack vector with hardlinks and suid programs. Though I didn't
investigate it further.

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2904

Regards,
-- 
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
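
An added example, not part of the original message and not OpenSSH code: a small audit script that applies the rule documented for ChrootDirectory in sshd_config(5), namely that every component of the path must be a root-owned directory that is not writable by group or others. The function names and the owner_uid parameter are hypothetical, chosen for this sketch.

```python
import os
import stat
import sys


def check_component(path, owner_uid=0):
    """Return the list of problems for one path component (empty if it passes)."""
    st = os.stat(path)
    problems = []
    if not stat.S_ISDIR(st.st_mode):
        problems.append("not a directory")
    if st.st_uid != owner_uid:
        problems.append(f"owned by uid {st.st_uid}, expected {owner_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        mode = stat.S_IMODE(st.st_mode)
        problems.append(f"group/world writable (mode {mode:04o})")
    return problems


def audit_chroot(chroot_dir, owner_uid=0):
    """Check every component from / down to chroot_dir; return {path: problems}."""
    if not os.path.isabs(chroot_dir):
        raise ValueError("chroot directory must be an absolute path")
    parts = [p for p in os.path.normpath(chroot_dir).split(os.sep) if p]
    findings = {}
    current = os.sep
    for part in [""] + parts:  # the empty first part makes the walk start at "/"
        current = os.path.join(current, part)
        problems = check_component(current, owner_uid)
        if problems:
            findings[current] = problems
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_chroot.py /absolute/path/to/chroot")
    result = audit_chroot(sys.argv[1])
    for path, problems in result.items():
        print(f"{path}: {'; '.join(problems)}")
    # Non-zero exit lets the check gate a provisioning or CI step.
    sys.exit(1 if result else 0)
```

Directories the confined user needs to write to belong in a subdirectory below a chroot that passes this check, not in the chroot root itself.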