httpd-dev mailing list archives

From ras...@lerdorf.on.ca (Rasmus Lerdorf)
Subject Re: pserver disabled on taz?
Date Sun, 22 Jun 1997 07:52:46 GMT
> Great. Nice of you to tell us. What is this major security hole?

You can read about it on the cvs-info mailing list.  Although it hasn't
been all that well described there.  Basically if you are able to create a
file anywhere in the file system on a machine running the pserver, then
you can create a bogus passwd file.  The pserver will setuid to any user
name in that passwd file and you can then create files as that user.

There are some simple fixes though.  Run the sucker in a chrooted cage, or
hack the pserver code to not setuid to the third arg in the passwd file.
Hardwire in some user id to setuid to.  Would have been more prudent to do
something like that as opposed to just shutting it down without warning.

> None of which are an option under NT, AFAIK.

Sure it is.  I run an NT ssh client here.  See www.datafellows.com.

-Rasmus
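
The second fix named in the message above (ignore the third field, hardwire the account), sketched as an added example; it is not part of the original message and not CVS source code. The `login:crypt:run_as` line layout, the `cvsanon` account name and both function names are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumption: hypothetical unprivileged account, fixed at build time. */
#define FIXED_RUN_AS "cvsanon"

/* Pick the run-as account for one passwd-file line (assumed layout
   "login:crypt:run_as"). The third field is never honoured; *overridden is
   set to 1 when the line asked for a different account, so it can be logged. */
const char *choose_run_as(const char *line, int *overridden)
{
    const char *p = strchr(line, ':');                 /* end of login field */
    const char *third = p ? strchr(p + 1, ':') : NULL; /* end of crypt field */
    *overridden = 0;
    if (third != NULL) {
        size_t n = strcspn(++third, ":\r\n");
        if (n > 0 && (n != strlen(FIXED_RUN_AS) ||
                      strncmp(third, FIXED_RUN_AS, n) != 0))
            *overridden = 1;
    }
    return FIXED_RUN_AS;
}

/* Drop from root to the fixed account. Returns 0 on success, -1 on failure.
   Refuses uid 0 and confirms that root cannot be regained afterwards. */
int drop_to_fixed_user(void)
{
    struct passwd *pw = getpwnam(FIXED_RUN_AS);
    if (pw == NULL || pw->pw_uid == 0) return -1;
    if (setgroups(0, NULL) != 0) return -1;   /* clear supplementary groups */
    if (setgid(pw->pw_gid) != 0) return -1;   /* group first, then user */
    if (setuid(pw->pw_uid) != 0) return -1;
    if (setuid(0) == 0) return -1;            /* drop was not permanent */
    return 0;
}

int main(void)
{
    int o;  /* the line below is constructed sample input */
    const char *who = choose_run_as("alice:Xy1abc:root\n", &o);
    printf("run as %s (override attempt: %d)\n", who, o);
    return 0;
}
```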

