Mailing List Archive


Re: tlug: more strange ISP behavior



>>>>> "jdb" == J David Beutel <jdb@example.com> writes:

    jdb> On Tue, 20 Oct 1998, Jim Schweizer wrote:
    >> OK, this is getting weirder (or I'm losing my marbles.)

    jdb> Maybe they think some people have web pages that reference
    jdb> themselves using a URL, so they want to encourage people to
    jdb> update them?  Pretty weak, tho--people should not have such
    jdb> web pages.

Probably they threw out the old machines so they lost the pages.  :-)

    >> I have an account with one of the ISPs in question so I decided
    >> to dig around a little. I ftp'd to the new server and behold -
    >> they already set up a bin directory for me?! I wonder what's in
    >> it...
    >> 
    >> Wow, my very own ls....

    jdb> That's a pretty big ls.  Maybe it's output from ls -l,
    jdb> listing your previous files?  But then why is it
    jdb> execute-only, and in a bin directory?  Maybe it's a real,
    jdb> big, old ls sitting there for ftpd security?

The best way to be _sure_ of security in that kind of situation is to
do a chroot.  Can you do cd .. from your home directory under ftp?

But if you chroot somewhere that isn't /, and I can't see why you'd
chroot / :-), what goes wrong?  Well, you can't see /bin, /usr/bin,
and /lib, for starters.  (I'm sure it's possible to hardlink out of a
chroot, but you cannot symlink out.)  Since ls is executed as an
external process, you need a ls under the chroot, and it has to be
statically linked.

-- 
University of Tsukuba                Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences        Tel/fax: +1 (298) 53-5091
__________________________________________________________________________
__________________________________________________________________________
What are those two straight lines for?  "Free software rules."
---------------------------------------------------------------
Next Nomikai: 20 November, 19:30 Tengu TokyoEkiMae 03-3275-3691
Next Meeting: 12 December, 12:30 Tokyo Station Yaesu central gate
---------------------------------------------------------------
Sponsor: PHT, makers of TurboLinux http://www.pht.co.jp
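
The reply above notes that an ls placed under an FTP chroot has to be statically linked, because /lib is not visible from inside the jail. The following is an added example, not part of the original message: it reads each file in a jail's bin directory, looks for a PT_INTERP program header (the dynamic loader path) and reports whether that loader exists inside the jail. The function names, the make_elf sample builder and the jail layout are assumptions; only the loader is checked, not every shared library.

```python
import os
import struct

PT_INTERP = 3  # program header that names the dynamic loader (ld.so)
# ELF class -> (e_phoff fmt, e_phoff at, e_phentsize at, phdr fmt, p_offset idx, p_filesz idx)
LAYOUT = {1: ("I", 0x1C, 0x2A, "IIIII", 1, 4), 2: ("Q", 0x20, 0x36, "IIQQQQ", 2, 5)}

def elf_interp(data):
    """Loader path from PT_INTERP, "" if there is none (static), None if not ELF."""
    if len(data) < 6 or data[:4] != b"\x7fELF" or data[4] not in LAYOUT:
        return None
    end = "<" if data[5] == 1 else ">"
    off_fmt, off_at, ent_at, ph_fmt, i_off, i_size = LAYOUT[data[4]]
    try:
        (phoff,) = struct.unpack_from(end + off_fmt, data, off_at)
        phentsize, phnum = struct.unpack_from(end + "HH", data, ent_at)
        for i in range(phnum):
            ph = struct.unpack_from(end + ph_fmt, data, phoff + i * phentsize)
            if ph[0] == PT_INTERP:
                return data[ph[i_off]:ph[i_off] + ph[i_size]].rstrip(b"\0").decode("latin-1")
    except struct.error:
        return None  # truncated header or program header table
    return ""

def audit_jail(jail_root):
    """Classify each file in <jail_root>/bin by whether it can start after chroot."""
    report, bindir = {}, os.path.join(jail_root, "bin")
    for name in sorted(os.listdir(bindir)):
        path = os.path.join(bindir, name)
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as f:
            interp = elf_interp(f.read())
        if interp is None:
            report[name] = "not ELF"
        elif interp == "":
            report[name] = "static"
        elif os.path.exists(os.path.join(jail_root, interp.lstrip("/"))):
            report[name] = "dynamic, loader present"
        else:
            report[name] = "dynamic, loader missing: " + interp
    return report

def make_elf(interp=b""):
    """Constructed sample: minimal little-endian ELF64, PT_INTERP only if interp is set."""
    phs = [(1, 5, 0, 64)] + ([(PT_INTERP, 4, 176, len(interp) + 1)] if interp else [])
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, len(phs), 0, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, fl, o, 0, 0, n, n, 1) for t, fl, o, n in phs)
    return hdr + body + (interp + b"\0" if interp else b"")
```

Run audit_jail against the FTP root on the host side; a "loader missing" verdict is the failure the message describes, where ls cannot start once the server has chrooted.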

