O'Sullivan, John (x4714) wrote:
> One hole in the outside occurs if you use the FTP server that ships with NT.
> Even if you make the Sub directory the FTP dir a user can cd / to the root.
You can fix that. Just revoke the Everyone-Rights from the
complete partition. Than, remove all group rights from
your ftp-guest account. give the ftp-guest account explicitly
the desired rights, perhaps only RX.
Now, if the SeTcbPrivlidge is still enabled for Everyone, ftp-guest
could still change to other directories, but then NT examines, that
ftp-guest has NO rights at all for any other directory on that
partition, so the ftpuser is denied to change to other directories.
There is another thinkable solution.
Why is it possible for ftp-guest to change to \, even if
the directory above give him no access ?
If the \ has Everyone-READ enabled, the the SeTcbPrivilidge
is checked by NT. By default, Everyone has this right.
The meaning of this right is : Bypass traverse checking, that means,
if the \ directory is accessible by ftp-guest, but not the directoy
tree between, then NT goes directly to \, not stepping above one dir
by one. But disabling this Privilege has one drawback. The ftp-server
impersonates ftp-guest just immedeatly, the tries to go the
directory, which you specified for ftp-server. But, ftp-guest
cannot go there, because the directory tree between \ and the
ftp-direcetory gives him no access. With this priviligde enabled,
ftp-guest can go directly there, not "traversing the tree..."
This is not a clean solution, because it is the duty of
the ftp-server to make something like a chroot, but is works.
InfoSec webpage :