Ftpfs security hole particulary fixed
Andrew V. Samoilov
sav at it.efp.com.ua
Wed Jan 30 12:56:10 UTC 2002
Hello!
> > "Use Unix ls options"
> > should be there if only it's impossible to avoid. Even it that case, we
> > should try to make it remote host-specific, not user-specific.
>
> Well, my wu-ftpd does "LIST -la" absolutely right
> and others understands this as "LIST -lad". So, if -d option is a
> common place for ftp servers I will commit patch where all of
> occurences of "LIST -la" will be replaced by "LIST -lad"
It was harry remark. Below is ftpfs logfile:
220 sav FTP server (Version wu-2.6.1(1) Fri Oct 20 18:47:23 PDT 2000) ready.
MC -- remote_is_amiga = 0
USER sav
331 Password required for sav.
PASS <Password not logged>
230 User sav logged in.
PWD
257 "/home/sav" is current directory.
CWD /
250 CWD command successful.
PASV
227 Entering Passive Mode (192,168,101,138,16,123)
TYPE A
200 Type set to A.
LIST -la .
150 Opening ASCII mode data connection for /bin/ls.
bin:
total 4172
drwxr-xr-x 2 root bin 4096 Sep 6 1999 .
drwxr-xr-x 20 root root 4096 Jan 15 14:38 ..
lrwxrwxrwx 1 root root 13 Jul 27 2001 Mail -> /usr/bin/Mail
82 lines removed
boot:
total 3228
drwxr-xr-x 2 root root 4096 Nov 5 15:34 .
drwxr-xr-x 20 root root 4096 Jan 15 14:38 ..
-rw-r--r-- 1 root root 195940 Jun 4 1999 System.map-2.2.5-22bc
-rw-r--r-- 1 root root 512 Jul 30 2001 boot.0300
-rw-r--r-- 1 root root 512 Jul 27 2001 boot.0340
-rw-r--r-- 1 root root 4592 May 14 2000 boot.b
-rw-r--r-- 1 root root 220 Jul 27 2001 boot_message.txt
-rw-r--r-- 1 root root 464636 Nov 5 15:33 bzImage
-rw-r--r-- 1 root root 463991 Aug 8 21:40 bzImage.oracle8i
-rw-r--r-- 1 root root 462806 Jul 30 2001 bzImage.oracle8i+ps2
-rw-r--r-- 1 root root 612 May 14 2000 chain.b
-rw------- 1 root root 29184 Nov 5 15:34 map
-rw-r--r-- 1 root root 644 May 14 2000 os2_d.b
-r-------- 1 root root 984326 Jul 27 2001 vmlinuz
-rw-r--r-- 1 root root 629150 Jun 4 1999 vmlinuz-2.2.5-22bc
cdrom:
total 8
drwxr-xr-x 2 root root 4096 Oct 6 1997 .
drwxr-xr-x 20 root root 4096 Jan 15 14:38 ..
dev:
total 108
drwxr-xr-x 4 root root 28672 Jan 30 12:46 .
drwxr-xr-x 20 root root 4096 Jan 15 14:38 ..
-rwxr-xr-x 1 root root 34490 Oct 10 1999 MAKEDEV
-rw-r--r-- 1 root root 1162 Oct 10 1999 README.MAKEDEV
lrwxrwxrwx 1 root root 4 Jul 27 2001 X0R -> null
crw-r--r-- 1 root root 10, 134 Jun 8 1996 apm_bios
crw-rw-rw- 1 root sys 10, 3 Jul 18 1994 atibm
crw-rw-r-- 1 root sys 14, 4 Jul 18 1994 audio
crw-rw-rw- 1 root sys 14, 20 Jul 18 1994 audio1
brw-r----- 1 root disk 29, 0 Feb 15 1995 aztcd
crw-r--r-- 1 root root 10, 128 May 25 1996 beep
lrwxrwxrwx 1 root root 8 Aug 1 2001 cdrom -> /dev/hdc
brw-r----- 1 root disk 24, 0 Jul 18 1994 cdu535
brw-r----- 1 root disk 32, 0 Aug 18 1995 cm206cd
crw------- 1 root tty 5, 1 Jan 30 12:46 console
lrwxrwxrwx 1 root root 11 Jul 27 2001 core -> /proc/kcore
1756 lines removed
etc, home, lib, lost+found, mnt, opt listing removed
oracle:
total 12
drwxr-xr-x 3 oracle dba 4096 Jul 27 2001 .
drwxr-xr-x 20 root root 4096 Jan 15 14:38 ..
drwxr-xr-x 3 oracle dba 4096 Jul 27 2001 app
There are much more files/directories.
proc:
total 4
dr-xr-xr-x 55 root root 0 Jan 30 2002 .
80 lines removed
sbin, var, usr and tmp listing removed, next lines are very interesing.
226 Transfer complete.
PASV
227 Entering Passive Mode (192,168,101,138,110,82)
LIST -lLa /
150 Opening ASCII mode data connection for /bin/ls.
total 112
drwxr-xr-x 20 root root 4096 Jan 15 14:38 .
drwxr-xr-x 20 root root 4096 Jan 15 14:38 ..
drwxr-xr-x 2 root bin 4096 Sep 6 1999 bin
drwxr-xr-x 2 root root 4096 Nov 5 15:34 boot
drwxr-xr-x 2 root root 4096 Oct 6 1997 cdrom
drwxr-xr-x 4 root root 28672 Jan 30 12:46 dev
drwxr-xr-x 15 root root 4096 Jan 30 12:46 etc
drwxr-xr-x 9 root root 4096 Nov 12 11:42 home
drwxr-xr-x 4 root root 4096 Jan 15 14:38 lib
drwxr-xr-x 2 root root 16384 Jul 27 2001 lost+found
drwxr-xr-x 4 root root 4096 Oct 6 1997 mnt
drwxr-xr-x 3 root root 4096 Jun 19 2000 opt
drwxr-xr-x 3 oracle dba 4096 Jul 27 2001 oracle
dr-xr-xr-x 57 root root 0 Jan 30 2002 proc
drwx--x--- 12 root sys 4096 Sep 26 16:12 root
drwxr-xr-x 2 root bin 4096 Oct 30 10:38 sbin
drwxr-xr-x 2 bin bin 4096 Sep 25 12:08 shlib
drwxrwxrwt 15 root root 4096 Jan 30 13:13 tmp
drwxr-xr-x 20 root root 4096 Sep 3 1999 usr
drwxr-xr-x 17 root root 4096 Jun 19 2000 var
226 Transfer complete.
QUIT
More information about the mc-devel
mailing list