From owner-freebsd-qa Wed Jun 19 8:40:20 2002 Delivered-To: freebsd-qa@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 7225F37B415 for ; Wed, 19 Jun 2002 08:40:03 -0700 (PDT) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g5JFe3j21818; Wed, 19 Jun 2002 08:40:03 -0700 (PDT) (envelope-from gnats) Date: Wed, 19 Jun 2002 08:40:03 -0700 (PDT) Message-Id: <200206191540.g5JFe3j21818@freefall.freebsd.org> To: freebsd-qa@FreeBSD.org Cc: From: Zak Johnson Subject: Re: misc/25851: Security hole in anonymous FTP setup script Reply-To: Zak Johnson Sender: owner-freebsd-qa@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG The following reply was made to PR misc/25851; it has been noted by GNATS. From: Zak Johnson To: freebsd-gnats-submit@FreeBSD.org, tedm@toybox.placo.com Cc: Subject: Re: misc/25851: Security hole in anonymous FTP setup script Date: Wed, 19 Jun 2002 11:31:41 -0400 This patch fixes the problem by stripping the user list from each line. --- release/sysinstall/anonFTP.c.orig Thu Sep 27 02:38:32 2001 +++ release/sysinstall/anonFTP.c Wed Jun 19 11:26:36 2002 
@@ -298,7 +298,7 @@ if (DITEM_STATUS(createFtpUser()) == DITEM_SUCCESS) { msgNotify("Copying password information for anon FTP."); vsystem("awk -F: '{if ($3 < 10 || $1 == \"ftp\") print $0}' /etc/passwd > %s/etc/passwd && chmod 444 %s/etc/passwd", tconf.homedir, tconf.homedir); - vsystem("awk -F: '{if ($3 < 100) print $0}' /etc/group > %s/etc/group && chmod 444 %s/etc/group", tconf.homedir, tconf.homedir); + vsystem("awk -F: '!/^#/ {if ($3 < 100) printf \"%s:%s:%s:\\n\", $1, $2, $3}' /etc/group > %s/etc/group && chmod 444 %s/etc/group", tconf.homedir, tconf.homedir); vsystem("chown -R root.%s %s/pub", tconf.group, tconf.homedir); } else { -Zak
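Review bot: In the added "+" line, the awk printf format "%s:%s:%s:\n" sits inside the format string handed to vsystem(), which already uses %s for the two tconf.homedir arguments, so that string now carries five %s conversions while only two arguments are supplied. The first three conversions would be consumed by vsystem() before awk ever sees them, which leaves both the awk format and the "> %s/etc/group" and "chmod 444 %s/etc/group" paths wrong. Writing the awk conversions as %%s:%%s:%%s: keeps them literal through the C-level formatting. Separately, the !/^#/ comment filter is applied only to the /etc/group copy; the /etc/passwd line above it is left unchanged, so consider whether it needs the same guard.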