Re: Ftpfs security hole particulary fixed

From: "Andrew V. Samoilov" <sav it efp com ua>
To: "Pavel Roskin" <proski gnu org>
Cc: "Midnight Commander Development Team" <mc-devel gnome org>
Subject: Re: Ftpfs security hole particulary fixed
Date: Wed, 30 Jan 2002 14:56:10 +0200

Hello!

> >  "Use Unix ls options"  
> > should be there if only it's impossible to avoid.  Even it that case, we
> > should try to make it remote host-specific, not user-specific.
> 
> Well, my wu-ftpd does "LIST -la" absolutely right
> and others understands this as "LIST -lad".  So, if -d option is a
> common place for ftp servers I will commit patch where all of
> occurences of "LIST -la" will be replaced by "LIST -lad"

It was harry remark.  Below is ftpfs logfile:
220 sav FTP server (Version wu-2.6.1(1) Fri Oct 20 18:47:23 PDT 2000) ready.
MC -- remote_is_amiga =  0
USER sav
331 Password required for sav.
PASS <Password not logged>
230 User sav logged in.
PWD
257 "/home/sav" is current directory.
CWD /
250 CWD command successful.
PASV
227 Entering Passive Mode (192,168,101,138,16,123)
TYPE A
200 Type set to A.
LIST -la .
150 Opening ASCII mode data connection for /bin/ls.
bin:
total 4172
drwxr-xr-x   2 root     bin          4096 Sep  6  1999 .
drwxr-xr-x  20 root     root         4096 Jan 15 14:38 ..
lrwxrwxrwx   1 root     root           13 Jul 27  2001 Mail -> /usr/bin/Mail

82 lines removed

boot:
total 3228
drwxr-xr-x   2 root     root         4096 Nov  5 15:34 .
drwxr-xr-x  20 root     root         4096 Jan 15 14:38 ..
-rw-r--r--   1 root     root       195940 Jun  4  1999 System.map-2.2.5-22bc
-rw-r--r--   1 root     root          512 Jul 30  2001 boot.0300
-rw-r--r--   1 root     root          512 Jul 27  2001 boot.0340
-rw-r--r--   1 root     root         4592 May 14  2000 boot.b
-rw-r--r--   1 root     root          220 Jul 27  2001 boot_message.txt
-rw-r--r--   1 root     root       464636 Nov  5 15:33 bzImage
-rw-r--r--   1 root     root       463991 Aug  8 21:40 bzImage.oracle8i
-rw-r--r--   1 root     root       462806 Jul 30  2001 bzImage.oracle8i+ps2
-rw-r--r--   1 root     root          612 May 14  2000 chain.b
-rw-------   1 root     root        29184 Nov  5 15:34 map
-rw-r--r--   1 root     root          644 May 14  2000 os2_d.b
-r--------   1 root     root       984326 Jul 27  2001 vmlinuz
-rw-r--r--   1 root     root       629150 Jun  4  1999 vmlinuz-2.2.5-22bc

cdrom:
total 8
drwxr-xr-x   2 root     root         4096 Oct  6  1997 .
drwxr-xr-x  20 root     root         4096 Jan 15 14:38 ..

dev:
total 108
drwxr-xr-x   4 root     root        28672 Jan 30 12:46 .
drwxr-xr-x  20 root     root         4096 Jan 15 14:38 ..
-rwxr-xr-x   1 root     root        34490 Oct 10  1999 MAKEDEV
-rw-r--r--   1 root     root         1162 Oct 10  1999 README.MAKEDEV
lrwxrwxrwx   1 root     root            4 Jul 27  2001 X0R -> null
crw-r--r--   1 root     root      10, 134 Jun  8  1996 apm_bios
crw-rw-rw-   1 root     sys       10,   3 Jul 18  1994 atibm
crw-rw-r--   1 root     sys       14,   4 Jul 18  1994 audio
crw-rw-rw-   1 root     sys       14,  20 Jul 18  1994 audio1
brw-r-----   1 root     disk      29,   0 Feb 15  1995 aztcd
crw-r--r--   1 root     root      10, 128 May 25  1996 beep
lrwxrwxrwx   1 root     root            8 Aug  1  2001 cdrom -> /dev/hdc
brw-r-----   1 root     disk      24,   0 Jul 18  1994 cdu535
brw-r-----   1 root     disk      32,   0 Aug 18  1995 cm206cd
crw-------   1 root     tty        5,   1 Jan 30 12:46 console
lrwxrwxrwx   1 root     root           11 Jul 27  2001 core -> /proc/kcore

1756 lines removed

etc, home, lib, lost+found, mnt, opt listing removed

oracle:
total 12
drwxr-xr-x   3 oracle   dba          4096 Jul 27  2001 .
drwxr-xr-x  20 root     root         4096 Jan 15 14:38 ..
drwxr-xr-x   3 oracle   dba          4096 Jul 27  2001 app

There are much more files/directories.

proc:
total 4
dr-xr-xr-x  55 root     root            0 Jan 30  2002 .

80 lines removed

sbin, var, usr and tmp listing removed, next lines are very interesing.

226 Transfer complete.
PASV
227 Entering Passive Mode (192,168,101,138,110,82)
LIST -lLa /
150 Opening ASCII mode data connection for /bin/ls.
total 112
drwxr-xr-x  20 root     root         4096 Jan 15 14:38 .
drwxr-xr-x  20 root     root         4096 Jan 15 14:38 ..
drwxr-xr-x   2 root     bin          4096 Sep  6  1999 bin
drwxr-xr-x   2 root     root         4096 Nov  5 15:34 boot
drwxr-xr-x   2 root     root         4096 Oct  6  1997 cdrom
drwxr-xr-x   4 root     root        28672 Jan 30 12:46 dev
drwxr-xr-x  15 root     root         4096 Jan 30 12:46 etc
drwxr-xr-x   9 root     root         4096 Nov 12 11:42 home
drwxr-xr-x   4 root     root         4096 Jan 15 14:38 lib
drwxr-xr-x   2 root     root        16384 Jul 27  2001 lost+found
drwxr-xr-x   4 root     root         4096 Oct  6  1997 mnt
drwxr-xr-x   3 root     root         4096 Jun 19  2000 opt
drwxr-xr-x   3 oracle   dba          4096 Jul 27  2001 oracle
dr-xr-xr-x  57 root     root            0 Jan 30  2002 proc
drwx--x---  12 root     sys          4096 Sep 26 16:12 root
drwxr-xr-x   2 root     bin          4096 Oct 30 10:38 sbin
drwxr-xr-x   2 bin      bin          4096 Sep 25 12:08 shlib
drwxrwxrwt  15 root     root         4096 Jan 30 13:13 tmp
drwxr-xr-x  20 root     root         4096 Sep  3  1999 usr
drwxr-xr-x  17 root     root         4096 Jun 19  2000 var
226 Transfer complete.
QUIT

Follow-Ups:
- Re: Ftpfs security hole particulary fixed
  - From: Pavel Roskin

References:
- Re: Ftpfs security hole particulary fixed
  - From: Pavel Roskin
- Re: Ftpfs security hole particulary fixed
  - From: Andrew V. Samoilov

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]