On Fri, 7 May 1999 jlewis@lewis.org wrote:> # ldd ./ls > /lib/libNoVersion.so.1 => /lib/libNoVersion.so.1 (0x40014000) > libc.so.6 => /lib/libc.so.6 (0x4001c000) > /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000) > > I''ve never heard of libNoVersion. All the /home/ftp/bin stuff in 6.0 uses > it...but it doesn''t exist. Perhaps that''s got something to do with > it...but its odd that the programs work when I chroot there and run them. > > > Oh, and are you using symlinks? If so, there''s your problem. Symlinks > > No symlinks except for zcat -> gzip. This is a standard Red Hat > installation. It looks like they just screwed up the wu-ftpd package and > will probably issue an update sometime soon. For me, this isn''t a huge > issue. I''m not using RH 6.0 on production servers yet. I like to wait a > few weeks after new releases and see how much stuff they broke and then > either wait for the updates or use the source.I just noticed another really wierd thing. For some reason the anonftp package on Red Hat (at least 5.2 and 6.0) that includes the libs and bins needed for wu-ftpd to work for anonymous FTP includes what seems to be a copy of /bin/ash as /home/ftp/bin/sh. Why the heck would they include a bourne shell in the anon bin directory? ----don''t waste your cpu, crack rc5...www.distributed.net team enzo--- Jon Lewis *jlewis@lewis.org*| Spammers will be winnuked or System Administrator | nestea''d...whatever it takes Atlantic Net | to get the job done. _________http://www.lewis.org/~jlewis/pgp for PGP public key__________
jlewis@lewis.org wrote:> I just noticed another really wierd thing. For some reason the anonftp > package on Red Hat (at least 5.2 and 6.0) that includes the libs and bins > needed for wu-ftpd to work for anonymous FTP includes what seems to be a > copy of /bin/ash as /home/ftp/bin/sh. Why the heck would they include a > bourne shell in the anon bin directory?I''ve done "dir patch*" to get a listing of all the patches at ftp.kernel.org. The "*" expansion is something a shell does. My guess is that they didn''t want to duplicate the wildcard expansion into wu-ftpd. Note that a shell doesn''t have any special privileges. So, indeed for convenience, exploits regularly do ''exec ("/bin/sh")'', but in fact while (1) { read (0, buf, 1024); if (fork ()) exit (exec (buf)); wait (...); } is a simple shell-substitiute, and short enough to be carried in an exploit of a few hundred bytes. Regards, Roger Wolff. -- ** R.E.Wolff@BitWizard.nl ** http://www.BitWizard.nl/ ** +31-15-2137555 ** *-- BitWizard writes Linux device drivers for any device you may have! --* ------ Microsoft SELLS you Windows, Linux GIVES you the whole house ------