Date: Mon, 18 May 1998 16:20:00 -0400 (EDT) From: meuston@jmrodgers.com To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: bin/6682: [Patch] ftpd(8) does not check default group in config files Message-ID: <199805182020.QAA04914@gw.jmrodgers.com>
next in thread | raw e-mail | index | archive | help
>Number: 6682
>Category: bin
>Synopsis: [Patch] ftpd(8) does not check default group in config files
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon May 18 13:20:01 PDT 1998
>Last-Modified:
>Originator: Max Euston
>Organization:
>Release: FreeBSD 2.2.5-STABLE i386
>Environment:
-STABLE (and -CURRENT w/ offset=7 lines)
>Description:
ftpd(8) allows '@gname' in /etc/ftpusers and /etc/ftpchroot to specify
that group name 'gname' is A) not allowed to login or B) required to
chroot to their home directory respectively. The program however, ONLY
checks supplementary group names (in /etc/group), and NOT the default group
(in /etc/passwd).
[I have marked this PR "serious/high" since it is likely that there are
other systems configured as mine was (until recently) that mistakenly
either A) allowed unauthorized logins or B) allowed restricted users
enhanced access.]
>How-To-Repeat:
Add an entry to /etc/ftpusers or /etc/ftpchroot and then 'vipw' to add
a new user in the specified group. Try to ftp with that user id.
>Fix:
diff -u /usr/src/libexec/ftpd/ftpd.c ./ftpd.c
--- /usr/src/libexec/ftpd/ftpd.c Fri Feb 20 17:19:38 1998
+++ ./ftpd.c Mon May 18 14:35:40 1998
@@ -234,7 +234,7 @@
#endif
static void ack __P((char *));
static void myoob __P((int));
-static int checkuser __P((char *, char *));
+static int checkuser __P((char *, char *, int));
static FILE *dataconn __P((char *, off_t, char *));
static void dolog __P((struct sockaddr_in *));
static char *curdir __P((void));
@@ -777,8 +777,8 @@
guest = 0;
if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) {
- if (checkuser(_PATH_FTPUSERS, "ftp") ||
- checkuser(_PATH_FTPUSERS, "anonymous"))
+ if (checkuser(_PATH_FTPUSERS, "ftp", 0) ||
+ checkuser(_PATH_FTPUSERS, "anonymous", 0))
reply(530, "User %s access denied.", name);
#ifdef VIRTUAL_HOSTING
else if ((pw = sgetpwnam(thishost->anonuser)) != NULL) {
@@ -809,7 +809,7 @@
break;
endusershell();
- if (cp == NULL || checkuser(_PATH_FTPUSERS, name)) {
+ if (cp == NULL || checkuser(_PATH_FTPUSERS, name, 1)) {
reply(530, "User %s access denied.", name);
if (logging)
syslog(LOG_NOTICE,
@@ -840,9 +840,10 @@
* Check if a user is in the file "fname"
*/
static int
-checkuser(fname, name)
+checkuser(fname, name, pwset)
char *fname;
char *name;
+ int pwset;
{
FILE *fd;
int found = 0;
@@ -863,6 +864,14 @@
if ((grp = getgrnam(line+1)) == NULL)
continue;
+ /*
+ * Check user's default group
+ */
+ if (pwset && grp->gr_gid == pw->pw_gid)
+ found = 1;
+ /*
+ * Check supplementary groups
+ */
while (!found && grp->gr_mem[i])
found = strcmp(name,
grp->gr_mem[i++])
@@ -1009,7 +1018,7 @@
#ifdef LOGIN_CAP /* Allow login.conf configuration as well */
login_getcapbool(lc, "ftp-chroot", 0) ||
#endif
- checkuser(_PATH_FTPCHROOT, pw->pw_name);
+ checkuser(_PATH_FTPCHROOT, pw->pw_name, 1);
if (guest) {
/*
* We MUST do a chdir() after the chroot. Otherwise
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199805182020.QAA04914>