FTP Root Directory Fully Accessible - Security Risk


#1

Some time ago we reached out to Dreamhost to let them know that their FTP service allows users to navigate upward into the OS, where LIST and READ permissions are allowed across the OS, including the /etc/passwd dir and log files. When I mentioned that this was a huge security concern, especially knowing that there are no real hard password restrictions and that the passwd file could easily be hacked, they blew it off like this was a feature and not of concern. I'm reaching out because 1) Dreamhost doesn't seem to care 2) Any ideas on what I could do? 3) Is it just crazy they don't care, or am I just crazy?
Seriously though, try it out, keep going up root in your FTP service and see what you get!


#2

I have attempted this and can confirm that this is true.

However, I’m not sure why this is an issue. You’re navigating around in your own account. The passwd file does not contain actual passwords. The shadow file only contains a hashed version of passwords, not the actual password, and is only readable by root. (You may want to read https://unix.stackexchange.com/questions/44854/why-is-etc-passwd-open-to-public-for-reading)

Do you have multiple ftp users, some of whom you don’t trust?
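The passwd/shadow split that the reply above relies on is something an admin can verify on a host: the password field of every /etc/passwd entry should hold only a placeholder, and /etc/shadow should not be world-readable. The script below is an added example, not code from either poster or from Dreamhost; the passwd lines it parses are constructed sample data and the hash on the last line is a made-up placeholder.

```python
"""Check the two properties behind the passwd/shadow argument, using
constructed sample data so it runs offline."""
import stat

# Constructed sample: three normal entries plus one legacy entry that
# (wrongly) still carries a hash in the second field. The hash is fake.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:$6$saltsalt$notarealhash:1001:1001::/home/legacy:/bin/sh
"""

# Values that mean "look in /etc/shadow" or "account locked"; anything else
# in the password field is either a real hash or empty (no password at all).
PLACEHOLDERS = {"x", "*", "!", "!!"}


def hash_bearing_entries(passwd_text: str) -> list[str]:
    """Return usernames whose passwd line exposes a non-placeholder password
    field, i.e. material that any reader of the file could attack offline."""
    flagged = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed line; not a hash exposure by itself
        user, pw_field = fields[0], fields[1]
        if pw_field not in PLACEHOLDERS:
            flagged.append(user)
    return flagged


def shadow_mode_ok(mode: int) -> bool:
    """True when a file mode (e.g. os.stat(path).st_mode) denies read access
    to 'other', which is what /etc/shadow should look like (0640 or 0600)."""
    return not (mode & stat.S_IROTH)


if __name__ == "__main__":
    import os
    print("hash-bearing passwd entries:", hash_bearing_entries(SAMPLE_PASSWD))
    try:
        print("shadow world-readable?", not shadow_mode_ok(os.stat("/etc/shadow").st_mode))
    except FileNotFoundError:
        print("/etc/shadow not present on this host")
```

Run against the real files by replacing SAMPLE_PASSWD with the contents of /etc/passwd; a non-empty result from hash_bearing_entries or a False from shadow_mode_ok is the finding to report.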