Re: What are "security implications" of FTP chroot jails?
- From: ibuprofin@xxxxxxxxxxxxxxxxxxxxxx (Moe Trin)
- Date: Tue, 31 Oct 2006 19:25:34 -0600
On Tue, 31 Oct 2006, in the Usenet newsgroup comp.os.linux.security, in article
<1162320026.2277.40.camel@xxxxxxxxxxxxxxxx>, Johny be Good wrote:
Moe Trin wrote:
A 'chroot() jail' is only as secure as the lack of skills of the chroot'ed
user. There are a number of _relatively_ simple mechanisms to break out of
jail - and this becomes easier when they have the ability to grab software
from "outside". They need only to obtain 'root' access through some local
exploit and they're out.
FUD.
Moe, he is talking about *FTP* Jail/Chroot environment.
I'm glad to hear that you are sure it's impossible. Please note that FTP
is not the only access that the O/P is granting.
I would love if you can demonstrate or reference how to escape
ftp-jail-chroot in vsftpd.
With FTP access _alone_ on a properly configured system, I'll agree it is
not an easy task. But there are two assumptions - FTP only, and properly
configured. If either is not true, then vsftpd (or any other single
application) does not control everything, especially when the sole purpose
of having FTP access is to upload files for use elsewhere on the system.
Thank you for your future enlightenment.
The world does not exist in splendid isolation. Look at the rest of the
picture.
Old guy
.
- Follow-Ups:
- Re: What are "security implications" of FTP chroot jails?
- From: C. J. Clegg
- Re: What are "security implications" of FTP chroot jails?
- References:
- Re: What are "security implications" of FTP chroot jails?
- From: Johny be Good
- Re: What are "security implications" of FTP chroot jails?
- Prev by Date: Re: What are "security implications" of FTP chroot jails?
- Next by Date: Re: What are "security implications" of FTP chroot jails?
- Previous by thread: Re: What are "security implications" of FTP chroot jails?
- Next by thread: Re: What are "security implications" of FTP chroot jails?
- Index(es):
Relevant Pages
|
