From owner-freebsd-audit Mon Jan 1 8:34:41 2001
From owner-freebsd-audit@FreeBSD.ORG Mon Jan 1 08:34:39 2001
Return-Path:
Delivered-To: freebsd-audit@freebsd.org
Received: from mail4.registeredsite.com (mail4.registeredsite.com [64.224.9.13]) by hub.freebsd.org (Postfix) with ESMTP id D4ABE37B400 for ; Mon, 1 Jan 2001 08:34:34 -0800 (PST)
Received: from mail.techfour.net ([209.35.6.184]) by mail4.registeredsite.com (8.11.1/8.11.1) with ESMTP id f01GYYd13667 for ; Mon, 1 Jan 2001 11:34:34 -0500
Received: from enterprise.muriel.penguinpowered.com [208.138.197.178] by mail.techfour.net with ESMTP (SMTPD32-6.00) id A19F3C580040; Mon, 01 Jan 2001 11:34:39 -0500
Message-ID:
X-Mailer: XFMail 1.4.6-3 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
Date: Mon, 01 Jan 2001 11:34:29 -0500 (EST)
Reply-To: Mike Heffner
Sender: spock@enterprise.muriel.penguinpowered.com
From: Mike Heffner
To: FreeBSD-audit
Subject: Overflows in /usr/bin (halfway)
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi,

I ran my overflow testing program through the /usr/bin directory. It tests for
command line and environment overflows. It only made it half way through, but
it so far detected 16 binaries that overflowed (out of 239). I've posted
the output (links below), anyone that's looking for something to do and has the
time might want to look through the output.

http://my.ispchannel.com/~mheffner/freebsd/usr.bin.run-20001230-notemp.gz
53.7KB / 1,462.1 KB (compressed/uncompressed)

P.S. If anyone decides to work on any of these let me know so that there isn't
any duplication of work.

--
Mike Heffner
Fredericksburg, VA
ICQ# 882073
http://my.ispchannel.com/~mheffner

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message

From owner-freebsd-audit Mon Jan 1 10: 0:57 2001
From owner-freebsd-audit@FreeBSD.ORG Mon Jan 1 10:00:55 2001
Return-Path:
Delivered-To: freebsd-audit@freebsd.org
Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id 4E74137B402 for ; Mon, 1 Jan 2001 10:00:51 -0800 (PST)
Received: by peitho.fxp.org (Postfix, from userid 1501) id 51B711360E; Mon, 1 Jan 2001 13:00:50 -0500 (EST)
Date: Mon, 1 Jan 2001 13:00:50 -0500
From: Chris Faulhaber
To: Mike Heffner
Cc: FreeBSD-audit
Subject: Re: Overflows in /usr/bin (halfway)
Message-ID: <20010101130050.A17572@peitho.fxp.org>
Mail-Followup-To: Chris Faulhaber , Mike Heffner , FreeBSD-audit
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from spock@techfour.net on Mon, Jan 01, 2001 at 11:34:29AM -0500
Sender: cdf.lists@fxp.org
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, Jan 01, 2001 at 11:34:29AM -0500, Mike Heffner wrote:
> Hi,
>
> I ran my overflow testing program through the /usr/bin directory. It tests for
> command line and environment overflows. It only made it half way through, but
> it so far detected 16 binaries that overflowed (out of 239). I've posted
> the output (links below), anyone that's looking for something to do and has the
> time might want to look through the output.
>

Sounds like fuzz, but with env var support. Any chance of a port?

> http://my.ispchannel.com/~mheffner/freebsd/usr.bin.run-20001230-notemp.gz
> 53.7KB / 1,462.1 KB (compressed/uncompressed)
>

A summary of the findings would have been nice (1.5M of repetitious
data is, well, repetitious). The following is a list of the affected
programs:

doscmd dnsquery systat rpcgen ld as [Mm]ail lam jot indent hesinfo
gate-ftp pftp ftp

Many of these problems appear to be fixable with some simple
bounds-checking. I have patches to fix a few of these (which may or may not
have been submitted to -audit). See

http://www.fxp.org/jedgar/FreeBSD/patches/pending/

Additionally, I have been building a list of potential problem programs
to check/fix and will add these.

--
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message

From owner-freebsd-audit Mon Jan 1 10: 6:50 2001
From owner-freebsd-audit@FreeBSD.ORG Mon Jan 1 10:06:49 2001
Return-Path:
Delivered-To: freebsd-audit@freebsd.org
Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id DE2CE37B400 for ; Mon, 1 Jan 2001 10:06:48 -0800 (PST)
Received: by peitho.fxp.org (Postfix, from userid 1501) id B25801360E; Mon, 1 Jan 2001 13:06:48 -0500 (EST)
Date: Mon, 1 Jan 2001 13:06:48 -0500
From: Chris Faulhaber
To: freebsd-audit@FreeBSD.org
Subject: Re: Overflows in /usr/bin (halfway)
Message-ID: <20010101130648.B17572@peitho.fxp.org>
Mail-Followup-To: Chris Faulhaber , freebsd-audit@FreeBSD.org
References: <20010101130050.A17572@peitho.fxp.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010101130050.A17572@peitho.fxp.org>; from jedgar@fxp.org on Mon, Jan 01, 2001 at 01:00:50PM -0500
Sender: cdf.lists@fxp.org
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, Jan 01, 2001 at 01:00:50PM -0500, Chris Faulhaber wrote:
> http://www.fxp.org/jedgar/FreeBSD/patches/pending/
>

The following might work better:

http://www.fxp.org/jedgar/FreeBSD/diffs/pending/

--
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message

From owner-freebsd-audit Mon Jan 1 14:59:48 2001
From owner-freebsd-audit@FreeBSD.ORG Mon Jan 1 14:59:46 2001
Return-Path:
Delivered-To: freebsd-audit@freebsd.org
Received: from mail2.registeredsite.com (mail2.registeredsite.com [64.224.9.11]) by hub.freebsd.org (Postfix) with ESMTP id 15F8337B400 for ; Mon, 1 Jan 2001 14:59:46 -0800 (PST)
Received: from mail.techfour.net ([209.35.6.184]) by mail2.registeredsite.com (8.11.1/8.11.1) with ESMTP id f01MxfV19875; Mon, 1 Jan 2001 17:59:45 -0500
Received: from enterprise.muriel.penguinpowered.com [208.138.197.178] by mail.techfour.net with ESMTP (SMTPD32-6.00) id ABE23D8A0040; Mon, 01 Jan 2001 17:59:46 -0500
Message-ID:
X-Mailer: XFMail 1.4.6-3 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <20010101130050.A17572@peitho.fxp.org>
Date: Mon, 01 Jan 2001 17:59:36 -0500 (EST)
Reply-To: Mike Heffner
Sender: spock@enterprise.muriel.penguinpowered.com
From: Mike Heffner
To: Chris Faulhaber
Subject: Re: Overflows in /usr/bin (halfway)
Cc: FreeBSD-audit
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On 01-Jan-2001 Chris Faulhaber wrote:
|
| Sounds like fuzz, but with env var support. Any chance of a port?

I'm planning on making a release in the near future that I'll make available as
a port.

|
| A summary of the findings would have been nice (1.5M of repetitious
| data is, well, repetitious). The following is a list of the affected
| programs:
|
| doscmd dnsquery systat rpcgen ld as [Mm]ail lam jot indent hesinfo
| gate-ftp pftp ftp
|

Sorry about that, I'll try and update my website with these and others I find.

--
Mike Heffner
Fredericksburg, VA
ICQ# 882073
http://my.ispchannel.com/~mheffner

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message

From owner-freebsd-audit Tue Jan 2 16:16: 2 2001
From owner-freebsd-audit@FreeBSD.ORG Tue Jan 2 16:15:58 2001
Return-Path:
Delivered-To: freebsd-audit@freebsd.org
Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id 2644F37B400; Tue, 2 Jan 2001 16:15:57 -0800 (PST)
Received: (from fpscha@localhost) by ns1.via-net-works.net.ar (8.9.3/8.9.3) id VAA49573; Tue, 2 Jan 2001 21:16:57 -0300 (ART)
From: Fernando Schapachnik
Message-Id: <200101030016.VAA49573@ns1.via-net-works.net.ar>
Subject: Re: Proposed modification to ftpd
In-Reply-To: <200101021734.KAA30135@harmony.village.org> "from Warner Losh at Jan 2, 2001 10:34:59 am"
To: Warner Losh
Date: Tue, 2 Jan 2001 21:16:57 -0300 (ART)
Cc: Fernando Schapachnik , Roman Shterenzon , security@FreeBSD.ORG, audit@FreeBSD.ORG
Reply-To: Fernando Schapachnik
X-Mailer: ELM [version 2.4ME+ PL82 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=ISO-8859-1
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In a previous message, Warner Losh wrote:
> In message <200101021500.MAA18599@ns1.via-net-works.net.ar> Fernando Schapachnik writes:
> : In the patch I made "/./" is an easily changeable #define.
>
> Maybe I missed the pointer to it, but can you post a pointer to your
> patch for review? Audit@ might be a good list to cc it to as well.

I did in my first post, but here it goes again: PR bin/23944. I also
submitted a follow-up that for some reason can't be seen through the
web interface which adds checks for strdup result values that are
missing in the first patch.

Regards.

Fernando P. Schapachnik
Network Administration
VIA NET.WORKS ARGENTINA S.A.
fschapachnik@vianetworks.com.ar
Switchboard: (54-11) 4323-3333 - Support: 0810-333-AYUDA

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message

From owner-freebsd-audit Wed Jan 3 10:42:49 2001
From owner-freebsd-audit@FreeBSD.ORG Wed Jan 3 10:42:46 2001
Return-Path:
Delivered-To: freebsd-audit@freebsd.org
Received: from mx1.colltech.com (ausproxy.colltech.com [208.229.236.19]) by hub.freebsd.org (Postfix) with ESMTP id DB48737B404; Wed, 3 Jan 2001 10:42:45 -0800 (PST)
Received: from mail2.colltech.com (mail2.colltech.com [208.229.236.41]) by mx1.colltech.com (8.9.3/8.9.3/not) with ESMTP id MAA13149; Wed, 3 Jan 2001 12:29:03 -0600
Received: from colltech.com (dhcp5212.wdc.colltech.com [10.20.5.212]) by mail2.colltech.com (8.9.3/8.9.3/not) with ESMTP id MAA17339; Wed, 3 Jan 2001 12:28:59 -0600
Message-ID: <3A536F7C.71DA4C2E@colltech.com>
Date: Wed, 03 Jan 2001 13:29:16 -0500
From: Daniel Hagan
X-Mailer: Mozilla 4.72 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: Fernando Schapachnik
Cc: Warner Losh , Roman Shterenzon , audit@FreeBSD.ORG, freebsd-bugs@FreeBSD.ORG, greid@dogma.freebsd-uk.eu.org
Subject: Re: bin/23944: Proposed modification to ftpd
References: <200101030016.VAA49573@ns1.via-net-works.net.ar>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I've been poking around GNATS today, and I noticed misc/24034, a
semi-related patch. If this (bin/23944) gets committed, someone needs
to update the code from 24034 as well.

Daniel

Fernando Schapachnik wrote:
> I did in my first post, but here it goes again: PR bin/23944. I also
> submitted a follow-up that for some reason can't be seen through the
> web interface which adds checks for strdup result values that are
> missing in the first patch.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message

From owner-freebsd-audit Thu Jan 4 4:34:37 2001
From owner-freebsd-audit@FreeBSD.ORG Thu Jan 4 04:34:33 2001
Return-Path:
Delivered-To: freebsd-audit@freebsd.org
Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id BCAF537B400 for ; Thu, 4 Jan 2001 04:34:31 -0800 (PST)
Received: (from fpscha@localhost) by ns1.via-net-works.net.ar (8.9.3/8.9.3) id JAA57529; Thu, 4 Jan 2001 09:33:53 -0300 (ART)
From: Fernando Schapachnik
Message-Id: <200101041233.JAA57529@ns1.via-net-works.net.ar>
Subject: Re: Proposed modification to ftpd
In-Reply-To: <3A5345CF.7AAB96A@colltech.com> "from Daniel Hagan at Jan 3, 2001 10:31:27 am"
To: Daniel Hagan
Date: Thu, 4 Jan 2001 09:33:52 -0300 (ART)
Cc: Fernando Schapachnik , Warner Losh , Roman Shterenzon , audit@FreeBSD.ORG
Reply-To: Fernando Schapachnik
X-Mailer: ELM [version 2.4ME+ PL82 (25)]
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=ELM978611632-98677-0_
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

--ELM978611632-98677-0_
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=ISO-8859-1

In a previous message, Daniel Hagan wrote:
> [-security trimmed]
>
> Would you mind posting a copy of the new patch, or a URL link to it?
> I'd like to see what is actually being proposed for the change.

Sure. I'm attaching it.

Regards.

Fernando P. Schapachnik
Network Administration
VIA NET.WORKS ARGENTINA S.A.
fschapachnik@vianetworks.com.ar
Switchboard: (54-11) 4323-3333 - Support: 0810-333-AYUDA

--ELM978611632-98677-0_
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: attachment; filename=ftpd.patch

--- ftpd.c.orig Mon Oct 23 17:57:54 2000 +++ ftpd.c Fri Dec 29 13:36:23 2000 @@ -185,6 +185,9 @@ char *pid_file = NULL; +/* WARNING: FTP_CHROOT_SEPARATOR *MUST* end in / */ +#define FTP_CHROOT_SEPARATOR "/./" + /* * Timeout intervals for retrying connections * to hosts that don't accept PORT cmds. This @@ -248,6 +251,7 @@ static char *sgetsave __P((char *)); static void reapchild __P((int)); static void logxfer __P((char *, long, long)); +static void get_chroot_and_cd_dirs __P((char *, char **, char **)); static char * curdir() @@ -1168,6 +1172,7 @@ { int rval; FILE *fd; + char *cd_dir, *chroot_dir; #ifdef LOGIN_CAP login_cap_t *lc = NULL; #endif 
@@ -1291,10 +1296,15 @@ goto bad; } } else if (dochroot) { - if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) { + get_chroot_and_cd_dirs(pw->pw_dir, &chroot_dir, &cd_dir); + if (chroot(chroot_dir) < 0 || chdir(cd_dir) < 0) { + free(chroot_dir); + free(cd_dir); reply(550, "Can't change root."); goto bad; } + free(chroot_dir); + free(cd_dir); } else if (chdir(pw->pw_dir) < 0) { if (chdir("/") < 0) { reply(530, "User %s: can't change directory to %s.", 
@@ -2789,5 +2799,49 @@ ctime(&now)+4, ident, remotehost, path, name, size, now - start + (now == start)); write(statfd, buf, strlen(buf)); + } +} + +/* + * Make a pointer to the chroot dir and another to the cd dir. + * The first is all the path up to the first FTP_CHROOT_SEPARATOR. + * The later is the remaining chars, not including the FTP_CHROOT_SEPARATOR, + * but prepending a '/'. + */ +static void +get_chroot_and_cd_dirs(user_home_dir, chroot_dir, cd_dir) + char *user_home_dir; + char **chroot_dir; + char **cd_dir; +{ + char *p; + + /* Make a pointer to first character of string FTP_CHROOT_SEPARATOR + inside user_home_dir. */ + p = (char *) strstr(user_home_dir, FTP_CHROOT_SEPARATOR); + if (p == NULL) { + /* + * There is not FTP_CHROOT_SEPARATOR string inside + * user_home_dir. Return user_home_dir as chroot_dir, + * and "/" as cd_dir. + */ + if ((*chroot_dir = (char *) strdup(user_home_dir)) == NULL) + fatal("Ran out of memory."); + if ((*cd_dir = (char *) strdup("/")) == NULL) + fatal("Ran out of memory."); + } else { + /* + * Use strlen(user_home_dir) as maximun length for + * both cd_dir and chroot_dir, as both are substrings of + * user_home_dir. + */ + if ((*chroot_dir = malloc(strlen(user_home_dir))) == NULL) + fatal("Ran out of memory."); + if ((*cd_dir = malloc(strlen(user_home_dir))) == NULL) + fatal("Ran out of memory."); + (void) strncpy(*chroot_dir, user_home_dir, p-user_home_dir); + /* Skip FTP_CHROOT_SEPARATOR (except the last /). */ + p += strlen(FTP_CHROOT_SEPARATOR)-1; + (void) strncpy(*cd_dir, p, strlen(p)); } } --- ftpd.8.orig Fri Dec 29 12:53:21 2000 +++ ftpd.8 Fri Dec 29 12:55:51 2000 
@@ -298,13 +298,14 @@ or the user is a member of a group with a group entry in this file, i.e. one prefixed with .Ql \&@ , -the session's root will be changed to the user's login directory by +the session's root will be changed to the user's login directory (up to the first /./) by .Xr chroot 2 as for an .Dq anonymous or .Dq ftp account (see next item). +The user is placed into the directory that remainds after stripping the former from the user's login directory. This facility may also be triggered by enabling the boolean "ftp-chroot" capability in .Xr login.conf 5 . --ELM978611632-98677-0_-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Thu Jan 4 4:47:44 2001 From owner-freebsd-audit@FreeBSD.ORG Thu Jan 4 04:47:41 2001 Return-Path: Delivered-To: freebsd-audit@freebsd.org Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id 633A237B400; Thu, 4 Jan 2001 04:47:39 -0800 (PST) Received: (from fpscha@localhost) by ns1.via-net-works.net.ar (8.9.3/8.9.3) id JAA64058; Thu, 4 Jan 2001 09:47:36 -0300 (ART) 
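Review bot: In the separator branch of get_chroot_and_cd_dirs (the @@ -2789 hunk of ftpd.c), neither output string is NUL-terminated. strncpy(*chroot_dir, user_home_dir, p-user_home_dir) stops before it reaches the source terminator, and strncpy(*cd_dir, p, strlen(p)) copies exactly strlen(p) bytes, so in both buffers the terminating byte is whatever malloc() left there and chroot() and chdir() read an unterminated string. The buffers are large enough; the terminators are simply never written. Suggest (*chroot_dir)[p - user_home_dir] = '\0'; after the first copy and *cd_dir = strdup(p) in place of the second malloc()/strncpy() pair.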
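Review bot: The sentence added to ftpd.8 misspells "remains" as "remainds", and "stripping the former" does not say what is stripped; wording such as "The user is then placed in the directory named by the part of the login directory that follows the /./" would be clearer. The page also does not say what happens when the login directory contains no /./, a case ftpd.c handles by using the whole directory as the root and "/" as the working directory, and it hard-codes "/./" although ftpd.c makes the separator the FTP_CHROOT_SEPARATOR define.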
From: Fernando Schapachnik
Message-Id: <200101041247.JAA64058@ns1.via-net-works.net.ar>
Subject: Re: bin/23944: Proposed modification to ftpd
In-Reply-To: <3A536F7C.71DA4C2E@colltech.com> "from Daniel Hagan at Jan 3, 2001 01:29:16 pm"
To: Daniel Hagan
Date: Thu, 4 Jan 2001 09:47:36 -0300 (ART)
Cc: Fernando Schapachnik , Warner Losh , Roman Shterenzon , audit@FreeBSD.ORG, freebsd-bugs@FreeBSD.ORG, greid@dogma.freebsd-uk.eu.org
Reply-To: Fernando Schapachnik
X-Mailer: ELM [version 2.4ME+ PL82 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=ISO-8859-1
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In a previous message, Daniel Hagan wrote:
> I've been poking around GNATS today, and I noticed misc/24034, a
> semi-related patch. If this (bin/23944) gets committed, someone needs
> to update the code from 24034 as well.

I'll post a patch for it in a few hours.

Regards.

Fernando P. Schapachnik
Network Administration
VIA NET.WORKS ARGENTINA S.A.
fschapachnik@vianetworks.com.ar
Switchboard: (54-11) 4323-3333 - Support: 0810-333-AYUDA

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message

From owner-freebsd-audit Thu Jan 4 5:52:13 2001
From owner-freebsd-audit@FreeBSD.ORG Thu Jan 4 05:52:02 2001
Return-Path:
Delivered-To: freebsd-audit@freebsd.org
Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id 5791337B400; Thu, 4 Jan 2001 05:52:00 -0800 (PST)
Received: (from fpscha@localhost) by ns1.via-net-works.net.ar (8.9.3/8.9.3) id KAA96373; Thu, 4 Jan 2001 10:51:52 -0300 (ART)
From: Fernando Schapachnik
Message-Id: <200101041351.KAA96373@ns1.via-net-works.net.ar>
Subject: Re: bin/23944: Proposed modification to ftpd
In-Reply-To: <3A536F7C.71DA4C2E@colltech.com> "from Daniel Hagan at Jan 3, 2001 01:29:16 pm"
To: Daniel Hagan
Date: Thu, 4 Jan 2001 10:51:52 -0300 (ART)
Cc: Fernando Schapachnik , Warner Losh , Roman Shterenzon , audit@FreeBSD.ORG, freebsd-bugs@FreeBSD.ORG, greid@dogma.freebsd-uk.eu.org
Reply-To: Fernando Schapachnik
X-Mailer: ELM [version 2.4ME+ PL82 (25)]
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=ELM978616312-93709-0_
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

--ELM978616312-93709-0_
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=ISO-8859-1

In a previous message, Daniel Hagan wrote:
> I've been poking around GNATS today, and I noticed misc/24034, a
> semi-related patch. If this (bin/23944) gets committed, someone needs
> to update the code from 24034 as well.

The patch I'm attaching contains a reworked version of my original
patch and a fix for misc/24034 under the new scenario. The only
problem is they are against 4.2-RELEASE, and thus ftpcmd.y 1.16.2.1
(I can't follow -stable at the moment). Anyway, from what cvsweb
reveals, there shouldn't be any trouble making it fit in the current
version.

Regards.

Fernando P. Schapachnik
Network Administration
VIA NET.WORKS ARGENTINA S.A.
fschapachnik@vianetworks.com.ar
Switchboard: (54-11) 4323-3333 - Support: 0810-333-AYUDA

--ELM978616312-93709-0_
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: attachment; filename=ftpd.patch

--- ftpd.c.orig Mon Oct 23 17:57:54 2000 +++ ftpd.c Thu Jan 4 10:27:39 2001 @@ -139,6 +139,7 @@ int anon_only = 0; /* Only anonymous ftp allowed */ int guest; int dochroot; +char *cd_dir, *chroot_dir; int stats; int statfd = -1; int type; 
@@ -185,6 +186,9 @@ char *pid_file = NULL; +/* WARNING: FTP_CHROOT_SEPARATOR *MUST* end in / */ +#define FTP_CHROOT_SEPARATOR "/./" + /* * Timeout intervals for retrying connections * to hosts that don't accept PORT cmds. This @@ -248,6 +252,7 @@ static char *sgetsave __P((char *)); static void reapchild __P((int)); static void logxfer __P((char *, long, long)); +static void get_chroot_and_cd_dirs __P((char *, char **, char **)); static char * curdir() @@ -1027,6 +1032,8 @@ logged_in = 0; guest = 0; dochroot = 0; + free(chroot_dir); + free(cd_dir); } #if !defined(NOPAM) @@ -1291,10 +1298,13 @@ goto bad; } } else if (dochroot) { - if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) { + get_chroot_and_cd_dirs(pw->pw_dir, &chroot_dir, &cd_dir); + if (chroot(chroot_dir) < 0 || chdir(cd_dir) < 0) { reply(550, "Can't change root."); goto bad; } + free(chroot_dir); + free(cd_dir); } else if (chdir(pw->pw_dir) < 0) { if (chdir("/") < 0) { reply(530, "User %s: can't change directory to %s.", 
@@ -2789,5 +2799,50 @@ ctime(&now)+4, ident, remotehost, path, name, size, now - start + (now == start)); write(statfd, buf, strlen(buf)); + } +} + +/* + * Make a pointer to the chroot dir and another to the cd dir. + * The first is all the path up to the first FTP_CHROOT_SEPARATOR. + * The later is the remaining chars, not including the FTP_CHROOT_SEPARATOR, + * but prepending a '/', if FTP_CHROOT_SEPARATOR is found. + * Otherwise, return user_home_dir as chroot_dir and "/" as cd_dir. + */ +static void +get_chroot_and_cd_dirs(user_home_dir, chroot_dir, cd_dir) + char *user_home_dir; + char **chroot_dir; + char **cd_dir; +{ + char *p; + + /* Make a pointer to first character of string FTP_CHROOT_SEPARATOR + inside user_home_dir. */ + p = (char *) strstr(user_home_dir, FTP_CHROOT_SEPARATOR); + if (p == NULL) { + /* + * There is not FTP_CHROOT_SEPARATOR string inside + * user_home_dir. Return user_home_dir as chroot_dir, + * and "/" as cd_dir. + */ + if ((*chroot_dir = (char *) strdup(user_home_dir)) == NULL) + fatal("Ran out of memory."); + if ((*cd_dir = (char *) strdup("/")) == NULL) + fatal("Ran out of memory."); + } else { + /* + * Use strlen(user_home_dir) as maximun length for + * both cd_dir and chroot_dir, as both are substrings of + * user_home_dir. + */ + if ((*chroot_dir = malloc(strlen(user_home_dir))) == NULL) + fatal("Ran out of memory."); + if ((*cd_dir = malloc(strlen(user_home_dir))) == NULL) + fatal("Ran out of memory."); + (void) strncpy(*chroot_dir, user_home_dir, p-user_home_dir); + /* Skip FTP_CHROOT_SEPARATOR (except the last /). */ + p += strlen(FTP_CHROOT_SEPARATOR)-1; + (void) strncpy(*cd_dir, p, strlen(p)); } } --- ftpcmd.y.orig Thu Jan 4 09:52:32 2001 +++ ftpcmd.y Thu Jan 4 10:30:40 2001 @@ -90,6 +90,8 @@ extern int usedefault; extern int transflag; extern char tmpline[]; +extern int dochroot; +extern char *cd_dir, *chroot_dir; off_t restart_point; 
@@ -500,8 +502,14 @@ } | CWD check_login CRLF { - if ($2) - cwd(pw->pw_dir); + if ($2) { + if (guest) + cwd("/"); + else if (dochroot) { + cwd(cd_dir); + } else + cwd(pw->pw_dir); + } } | CWD check_login SP pathname CRLF { --- ftpd.8.orig Fri Dec 29 12:53:21 2000 +++ ftpd.8 Fri Dec 29 12:55:51 2000 @@ -298,13 +298,14 @@ or the user is a member of a group with a group entry in this file, i.e. one prefixed with .Ql \&@ , -the session's root will be changed to the user's login directory by +the session's root will be changed to the user's login directory (up to the first /./) by .Xr chroot 2 as for an .Dq anonymous or .Dq ftp account (see next item). +The user is placed into the directory that remainds after stripping the former from the user's login directory. This facility may also be triggered by enabling the boolean "ftp-chroot" capability in .Xr login.conf 5 . --ELM978616312-93709-0_-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Thu Jan 4 8: 6:13 2001 From owner-freebsd-audit@FreeBSD.ORG Thu Jan 4 08:06:07 2001 Return-Path: Delivered-To: freebsd-audit@freebsd.org Received: from athena.cs.vt.edu (athena.cs.vt.edu [128.173.40.29]) by hub.freebsd.org (Postfix) with ESMTP id E581137B400; Thu, 4 Jan 2001 08:06:05 -0800 (PST) Received: (from dhagan@localhost) by athena.cs.vt.edu (8.11.1/8.11.1) id f04G5wM74909; Thu, 4 Jan 2001 11:05:58 -0500 (EST) (envelope-from dhagan) Date: Thu, 4 Jan 2001 11:05:58 -0500 (EST) Message-Id: <200101041605.f04G5wM74909@athena.cs.vt.edu> To: freebsd-audit@freebsd.org Subject: Re: bin/23944: Proposed modification to ftpd 
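Review bot: chroot_dir and cd_dir are now globals, but the @@ -1291 hunk of ftpd.c still calls free(chroot_dir) and free(cd_dir) right after a successful chroot()/chdir(), and the CWD hunk in ftpcmd.y later passes cd_dir to cwd(), which is a use after free. The @@ -1027 hunk then frees the same two pointers again, so a chrooted session frees each of them twice, while on the failure path (goto bad) this hunk does not free them at all. Suggest dropping the two free() calls after the chroot, keeping the ones in the @@ -1027 hunk, and setting both pointers to NULL there once they are freed.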
From: Daniel Hagan
Reply-To: Daniel Hagan
Sender: Daniel Hagan
Cc: freebsd-gnats-submit@freebsd.org, fschapachnik@vianetworks.com.ar, greid@dogma.freebsd-uk.eu.org
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I've rewritten some of your patch to not use dangling pointers. I also
added the cd_dir functionality to the ftp guest account, not because I
think it's a great idea, but because it will be consistent behavior.
(If someone had specified /info/ftp/./pub as HOME for ftp, your patch
would have chroot'd ftp into /info/ftp/pub, instead of /info/ftp. And
this 'bug' would only appear for the ftp account. ;-))

In the event that this mail doesn't get munged the way I'd like, please
respond to dhagan@colltech.com

Thanks,

Daniel

Index: ftpcmd.y =================================================================== RCS file: /raid/ncvs/src/libexec/ftpd/ftpcmd.y,v retrieving revision 1.19 diff -u -r1.19 ftpcmd.y --- ftpcmd.y 2000/12/16 19:19:19 1.19 +++ ftpcmd.y 2001/01/04 15:55:42 @@ -92,6 +92,8 @@ extern char tmpline[]; extern int readonly; extern int noepsv; +extern int dochroot; +extern char *cd_dir, *chroot_dir; off_t restart_point; @@ -505,8 +507,11 @@ | CWD check_login CRLF { if ($2) { - if (guest) - cwd("/"); + if (guest || dochroot) + if (cd_dir != NULL) + cwd(cd_dir); + else + cwd("/"); else cwd(pw->pw_dir); } Index: ftpd.8 =================================================================== RCS file: /raid/ncvs/src/libexec/ftpd/ftpd.8,v retrieving revision 1.36 diff -u -r1.36 ftpd.8 --- ftpd.8 2000/12/18 08:33:25 1.36 +++ ftpd.8 2001/01/04 15:46:24 
@@ -311,13 +311,14 @@ or the user is a member of a group with a group entry in this file, i.e. one prefixed with .Ql \&@ , -the session's root will be changed to the user's login directory by +the session's root will be changed to the user's login directory (up to the first /./) by .Xr chroot 2 as for an .Dq anonymous or .Dq ftp account (see next item). +The user is placed into the directory that remainds after stripping the former from the user's login directory. This facility may also be triggered by enabling the boolean "ftp-chroot" capability in .Xr login.conf 5 . Index: ftpd.c =================================================================== RCS file: /raid/ncvs/src/libexec/ftpd/ftpd.c,v retrieving revision 1.72 diff -u -r1.72 ftpd.c --- ftpd.c 2000/12/20 03:34:54 1.72 +++ ftpd.c 2001/01/04 15:56:59 @@ -140,6 +140,7 @@ int anon_only = 0; /* Only anonymous ftp allowed */ int guest; int dochroot; +char *cd_dir = NULL, *chroot_dir = NULL; int stats; int statfd = -1; int type; @@ -188,6 +189,9 @@ char *pid_file = NULL; +/* WARNING: FTP_CHROOT_SEPARATOR *MUST* end in / */ +#define FTP_CHROOT_SEPARATOR "/./" + /* * Timeout intervals for retrying connections * to hosts that don't accept PORT cmds. This @@ -251,6 +255,7 @@ static char *sgetsave __P((char *)); static void reapchild __P((int)); static void logxfer __P((char *, long, long)); +static void get_chroot_and_cd_dirs __P((char *, char **, char **)); static char * curdir() @@ -1038,6 +1043,8 @@ logged_in = 0; guest = 0; dochroot = 0; + free(chroot_dir); + free(cd_dir); } #if !defined(NOPAM) 
@@ -1291,19 +1298,20 @@ login_getcapbool(lc, "ftp-chroot", 0) || #endif checkuser(_PATH_FTPCHROOT, pw->pw_name, 1); - if (guest) { + if (guest || dochroot) { /* * We MUST do a chdir() after the chroot. Otherwise * the old current directory will be accessible as "." * outside the new root! */ - if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) { - reply(550, "Can't set guest privileges."); - goto bad; - } - } else if (dochroot) { - if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) { - reply(550, "Can't change root."); + get_chroot_and_cd_dirs(pw->pw_dir, &chroot_dir, &cd_dir); + /* + * Do not free chroot_dir & cd_dir b/c they are used in + * processing CWD commands from client. They should be + * free'd during a user logout. + */ + if (chroot(chroot_dir) < 0 || chdir(cd_dir) < 0) { + reply(550, guest ? "Can't set guest privileges." : "Can't change root."); goto bad; } } else if (chdir(pw->pw_dir) < 0) { 
@@ -2802,5 +2810,50 @@ ctime(&now)+4, ident, remotehost, path, name, size, now - start + (now == start)); write(statfd, buf, strlen(buf)); + } +} + +/* + * Make a pointer to the chroot dir and another to the cd dir. + * The first is all the path up to the first FTP_CHROOT_SEPARATOR. + * The later is the remaining chars, not including the FTP_CHROOT_SEPARATOR, + * but prepending a '/', if FTP_CHROOT_SEPARATOR is found. + * Otherwise, return user_home_dir as chroot_dir and "/" as cd_dir. + */ +static void +get_chroot_and_cd_dirs(user_home_dir, chroot_dir, cd_dir) + char *user_home_dir; + char **chroot_dir; + char **cd_dir; +{ + char *p; + + /* Make a pointer to first character of string FTP_CHROOT_SEPARATOR + inside user_home_dir. */ + p = (char *) strstr(user_home_dir, FTP_CHROOT_SEPARATOR); + if (p == NULL) { + /* + * There is not FTP_CHROOT_SEPARATOR string inside + * user_home_dir. Return user_home_dir as chroot_dir, + * and "/" as cd_dir. + */ + if ((*chroot_dir = (char *) strdup(user_home_dir)) == NULL) + fatal("Ran out of memory."); + if ((*cd_dir = (char *) strdup("/")) == NULL) + fatal("Ran out of memory."); + } else { + /* + * Use strlen(user_home_dir) as maximun length for + * both cd_dir and chroot_dir, as both are substrings of + * user_home_dir. + */ + if ((*chroot_dir = malloc(strlen(user_home_dir))) == NULL) + fatal("Ran out of memory."); + if ((*cd_dir = malloc(strlen(user_home_dir))) == NULL) + fatal("Ran out of memory."); + (void) strncpy(*chroot_dir, user_home_dir, p-user_home_dir); + /* Skip FTP_CHROOT_SEPARATOR (except the last /). 
*/ + p += strlen(FTP_CHROOT_SEPARATOR)-1; + (void) strncpy(*cd_dir, p, strlen(p)); } } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Thu Jan 4 8:27:30 2001 From owner-freebsd-audit@FreeBSD.ORG Thu Jan 4 08:27:29 2001 Return-Path: Delivered-To: freebsd-audit@freebsd.org Received: from mx1.colltech.com (ausproxy.colltech.com [208.229.236.19]) by hub.freebsd.org (Postfix) with ESMTP id 649AB37B400; Thu, 4 Jan 2001 08:27:28 -0800 (PST) Received: from mail2.colltech.com (mail2.colltech.com [208.229.236.41]) by mx1.colltech.com (8.9.3/8.9.3/not) with ESMTP id KAA01017; Thu, 4 Jan 2001 10:13:00 -0600 Received: from colltech.com (dhcp5212.wdc.colltech.com [10.20.5.212]) by mail2.colltech.com (8.9.3/8.9.3/not) with ESMTP id KAA22559; Thu, 4 Jan 2001 10:12:59 -0600 Message-ID: <3A54A10E.854A913A@colltech.com> Date: Thu, 04 Jan 2001 11:13:02 -0500 
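Review bot: The @@ -1038 hunk of ftpd.c frees chroot_dir and cd_dir but leaves the stale addresses in the globals, while the CWD handler in ftpcmd.y relies on cd_dir != NULL to decide whether the pointer is usable. If this reset code runs again before get_chroot_and_cd_dirs has reassigned them, both pointers are freed a second time. Set chroot_dir = NULL and cd_dir = NULL immediately after the two free() calls.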
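Review bot: In the ftpcmd.y CWD hunk the new inner if/else sits unbraced inside "if (guest || dochroot)", so the final "else cwd(pw->pw_dir);" pairs with the outer if only because the inner if already has an else of its own. It parses as intended, but removing or editing the inner else silently rebinds the outer one; put braces around the body of the guest/dochroot branch.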
From: Daniel Hagan
X-Mailer: Mozilla 4.72 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-audit@FreeBSD.ORG, freebsd-gnats-submit@FreeBSD.ORG, fschapachnik@vianetworks.com.ar, greid@dogma.freebsd-uk.eu.org
Subject: Re: bin/23944: Proposed modification to ftpd
References: <200101041605.f04G5wM74909@athena.cs.vt.edu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Oh, forgot to mention -- this is against -CURRENT not -STABLE.

Daniel

Daniel Hagan wrote:
>
> I've rewritten some of your patch to not use dangling pointers. I also

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message

From owner-freebsd-audit Thu Jan 4 9:14:53 2001
From owner-freebsd-audit@FreeBSD.ORG Thu Jan 4 09:14:42 2001
Return-Path:
Delivered-To: freebsd-audit@freebsd.org
Received: from athena.cs.vt.edu (athena.cs.vt.edu [128.173.40.29]) by hub.freebsd.org (Postfix) with ESMTP id 863E037B400; Thu, 4 Jan 2001 09:14:41 -0800 (PST)
Received: (from dhagan@localhost) by athena.cs.vt.edu (8.11.1/8.11.1) id f04HEfB75136; Thu, 4 Jan 2001 12:14:41 -0500 (EST) (envelope-from dhagan)
Date: Thu, 4 Jan 2001 12:14:41 -0500 (EST)
Message-Id: <200101041714.f04HEfB75136@athena.cs.vt.edu>
To: freebsd-audit@freebsd.org
Subject: Re: ftpd and anonymous setup (modified ftpd)
From: Daniel Hagan Reply-To: Daniel Hagan Sender: Daniel Hagan Cc: freebsd-security@freebsd.org Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Here's a quick patch that includes the chroot/cwd patch mentioned earlier and a login.conf capability to set a session to read-only. [Apologies if you receive this twice, I think it got bounced at freebsd.org] Daniel Index: ftpcmd.y =================================================================== RCS file: /raid/ncvs/src/libexec/ftpd/ftpcmd.y,v retrieving revision 1.19 diff -u -r1.19 ftpcmd.y --- ftpcmd.y 2000/12/16 19:19:19 1.19 +++ ftpcmd.y 2001/01/04 15:55:42 @@ -92,6 +92,8 @@ extern char tmpline[]; extern int readonly; extern int noepsv; +extern int dochroot; +extern char *cd_dir, *chroot_dir; off_t restart_point; @@ -505,8 +507,11 @@ | CWD check_login CRLF { if ($2) { - if (guest) - cwd("/"); + if (guest || dochroot) + if (cd_dir != NULL) + cwd(cd_dir); + else + cwd("/"); else cwd(pw->pw_dir); } Index: ftpd.8 =================================================================== RCS file: /raid/ncvs/src/libexec/ftpd/ftpd.8,v retrieving revision 1.36 diff -u -r1.36 ftpd.8 --- ftpd.8 2000/12/18 08:33:25 1.36 +++ ftpd.8 2001/01/04 16:58:49 @@ -158,6 +158,10 @@ .It Fl r Put server in read-only mode. All commands which may modify the local filesystem are disabled. +Read-only mode may be set on a per account basis in +.Xr login.conf 5 +with the boolean capability "ftp-readonly". Once set in a session +it cannot be cleared (i.e. by USER). .It Fl E Disable the EPSV command. This is useful for servers behind older firewalls. 
@@ -311,13 +315,14 @@ or the user is a member of a group with a group entry in this file, i.e. one prefixed with .Ql \&@ , -the session's root will be changed to the user's login directory by +the session's root will be changed to the user's login directory (up to the first /./) by .Xr chroot 2 as for an .Dq anonymous or .Dq ftp account (see next item). +The user is placed into the directory that remainds after stripping the former from the user's login directory. This facility may also be triggered by enabling the boolean "ftp-chroot" capability in .Xr login.conf 5 . Index: ftpd.c =================================================================== RCS file: /raid/ncvs/src/libexec/ftpd/ftpd.c,v retrieving revision 1.72 diff -u -r1.72 ftpd.c --- ftpd.c 2000/12/20 03:34:54 1.72 +++ ftpd.c 2001/01/04 17:00:42 @@ -140,6 +140,7 @@ int anon_only = 0; /* Only anonymous ftp allowed */ int guest; int dochroot; +char *cd_dir = NULL, *chroot_dir = NULL; int stats; int statfd = -1; int type; @@ -188,6 +189,9 @@ char *pid_file = NULL; +/* WARNING: FTP_CHROOT_SEPARATOR *MUST* end in / */ +#define FTP_CHROOT_SEPARATOR "/./" + /* * Timeout intervals for retrying connections * to hosts that don't accept PORT cmds. This @@ -251,6 +255,7 @@ static char *sgetsave __P((char *)); static void reapchild __P((int)); static void logxfer __P((char *, long, long)); +static void get_chroot_and_cd_dirs __P((char *, char **, char **)); static char * curdir() @@ -1038,6 +1043,13 @@ logged_in = 0; guest = 0; dochroot = 0; + /* + * do not reset readonly to 0 b/c once session is ro, we leave it + * that way for security's sake. + */ + free(chroot_dir); + free(cd_dir); + chroot_dir = cd_dir = NULL; } #if !defined(NOPAM) 
@@ -1291,19 +1303,24 @@ login_getcapbool(lc, "ftp-chroot", 0) || #endif checkuser(_PATH_FTPCHROOT, pw->pw_name, 1); - if (guest) { +#ifdef LOGIN_CAP /* Check for ftp-readonly */ + if (readonly = 0) + readonly = login_getcapbool(lc, "ftp-readonly", 0); +#endif + if (guest || dochroot) { /* * We MUST do a chdir() after the chroot. Otherwise * the old current directory will be accessible as "." * outside the new root! */ - if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) { - reply(550, "Can't set guest privileges."); - goto bad; - } - } else if (dochroot) { - if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) { - reply(550, "Can't change root."); + get_chroot_and_cd_dirs(pw->pw_dir, &chroot_dir, &cd_dir); + /* + * Do not free chroot_dir & cd_dir b/c they are used in + * processing CWD commands from client. They should be + * free'd during a user logout. + */ + if (chroot(chroot_dir) < 0 || chdir(cd_dir) < 0) { + reply(550, guest ? "Can't set guest privileges." : "Can't change root."); goto bad; } } else if (chdir(pw->pw_dir) < 0) { 
@@ -2802,5 +2819,50 @@ ctime(&now)+4, ident, remotehost, path, name, size, now - start + (now == start)); write(statfd, buf, strlen(buf)); + } +} + +/* + * Make a pointer to the chroot dir and another to the cd dir. + * The first is all the path up to the first FTP_CHROOT_SEPARATOR. + * The later is the remaining chars, not including the FTP_CHROOT_SEPARATOR, + * but prepending a '/', if FTP_CHROOT_SEPARATOR is found. + * Otherwise, return user_home_dir as chroot_dir and "/" as cd_dir. + */ +static void +get_chroot_and_cd_dirs(user_home_dir, chroot_dir, cd_dir) + char *user_home_dir; + char **chroot_dir; + char **cd_dir; +{ + char *p; + + /* Make a pointer to first character of string FTP_CHROOT_SEPARATOR + inside user_home_dir. */ + p = (char *) strstr(user_home_dir, FTP_CHROOT_SEPARATOR); + if (p == NULL) { + /* + * There is not FTP_CHROOT_SEPARATOR string inside + * user_home_dir. Return user_home_dir as chroot_dir, + * and "/" as cd_dir. + */ + if ((*chroot_dir = (char *) strdup(user_home_dir)) == NULL) + fatal("Ran out of memory."); + if ((*cd_dir = (char *) strdup("/")) == NULL) + fatal("Ran out of memory."); + } else { + /* + * Use strlen(user_home_dir) as maximun length for + * both cd_dir and chroot_dir, as both are substrings of + * user_home_dir. + */ + if ((*chroot_dir = malloc(strlen(user_home_dir))) == NULL) + fatal("Ran out of memory."); + if ((*cd_dir = malloc(strlen(user_home_dir))) == NULL) + fatal("Ran out of memory."); + (void) strncpy(*chroot_dir, user_home_dir, p-user_home_dir); + /* Skip FTP_CHROOT_SEPARATOR (except the last /). 
*/ + p += strlen(FTP_CHROOT_SEPARATOR)-1; + (void) strncpy(*cd_dir, p, strlen(p)); } } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Thu Jan 4 10:48:27 2001 From owner-freebsd-audit@FreeBSD.ORG Thu Jan 4 10:48:24 2001 Return-Path: Delivered-To: freebsd-audit@freebsd.org Received: from mx1.colltech.com (ausproxy.colltech.com [208.229.236.19]) by hub.freebsd.org (Postfix) with ESMTP id 9410437B698; Thu, 4 Jan 2001 10:48:23 -0800 (PST) Received: from mail2.colltech.com (mail2.colltech.com [208.229.236.41]) by mx1.colltech.com (8.9.3/8.9.3/not) with ESMTP id MAA13203; Thu, 4 Jan 2001 12:47:47 -0600 Received: from colltech.com (dhcp5212.wdc.colltech.com [10.20.5.212]) by mail2.colltech.com (8.9.3/8.9.3/not) with ESMTP id MAA17030; Thu, 4 Jan 2001 12:47:45 -0600 Message-ID: <3A54C54F.90C7FFEC@colltech.com> Date: Thu, 04 Jan 2001 13:47:43 -0500 
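Review bot: The CWD action in ftpcmd.y (@@ -505) nests an unbraced if/else inside `if (guest || dochroot)`. It parses as intended only because the inner if carries its own else; if that inner else is ever dropped, `else cwd(pw->pw_dir);` silently rebinds to the cd_dir test. Put braces around the body of the outer if.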
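Review bot: In the ftpd.8 hunk at @@ -311 the added sentence misspells "remains" as "remainds", and both changed lines pack the new text onto one long source line. Fix the spelling and start each sentence on its own line. The text should also state what the hunk in ftpd.c does when the login directory contains no /./, namely chroot to the whole directory and start in "/".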
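Review bot: In the ftpd.c login hunk (@@ -1291), `if (readonly = 0)` is an assignment, not a comparison. The condition is always false, so login_getcapbool(lc, "ftp-readonly", 0) is never reached and the capability has no effect; worse, readonly is forced to 0 on every login when LOGIN_CAP is defined, which also clears the read-only mode the man page documents for -r. Write `if (readonly == 0)`, or only ever raise the flag here so that this path cannot lower it.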
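Review bot: In get_chroot_and_cd_dirs() (ftpd.c, @@ -2802), neither string built in the else branch is NUL-terminated. strncpy(*chroot_dir, user_home_dir, p-user_home_dir) stops before the source's terminator, strncpy(*cd_dir, p, strlen(p)) copies exactly the characters and no terminator, and malloc() does not zero the buffers, so the chroot() and chdir() calls in the login hunk read past the copied bytes. Set (*chroot_dir)[p - user_home_dir] = '\0' after the first copy and replace the second malloc/strncpy pair with strdup(p); the strlen(user_home_dir) allocation does leave room for the terminator since both substrings are shorter than the original.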
From: Daniel Hagan
X-Mailer: Mozilla 4.72 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-audit@FreeBSD.ORG, freebsd-security@FreeBSD.ORG, wollman@khavrinen.lcs.mit.edu
Subject: Re: ftpd and anonymous setup (modified ftpd)
References: <200101041714.f04HEfB75136@athena.cs.vt.edu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> +#ifdef LOGIN_CAP /* Check for ftp-readonly */ > + if (readonly = 0) > + readonly = login_getcapbool(lc, "ftp-readonly", 0); > +#endif

Doh! That should have been if (readonly == 0) ;-) Didn't see that first time through.

Daniel

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message

From owner-freebsd-audit Thu Jan 4 10:56:24 2001
From owner-freebsd-audit@FreeBSD.ORG Thu Jan 4 10:56:23 2001
Return-Path:
Delivered-To: freebsd-audit@freebsd.org
Received: from meow.osd.bsdi.com (meow.osd.bsdi.com [204.216.28.88]) by hub.freebsd.org (Postfix) with ESMTP id A7D2A37B400 for ; Thu, 4 Jan 2001 10:56:22 -0800 (PST)
Received: from laptop.baldwin.cx (john@jhb-laptop.osd.bsdi.com [204.216.28.241]) by meow.osd.bsdi.com (8.11.1/8.9.3) with ESMTP id f04ItXG59548; Thu, 4 Jan 2001 10:55:33 -0800 (PST) (envelope-from jhb@FreeBSD.org)
Message-ID:
X-Mailer: XFMail 1.4.0 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <200101041714.f04HEfB75136@athena.cs.vt.edu>
Date: Thu, 04 Jan 2001 10:56:29 -0800 (PST)
From: John Baldwin
To: Daniel Hagan
Subject: Re: ftpd and anonymous setup (modified ftpd)
Cc: freebsd-audit@FreeBSD.org
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On 04-Jan-01 Daniel Hagan wrote:
> Here's a quick patch that includes the chroot/cwd patch mentioned earlier
> and a login.conf capability to set a session to read-only.
>
> [Apologies if you receive this twice, I think it got bounced at freebsd.org]

There were a few nits in the manpage (needed to use .Dq instead of "'s, use .Pq instead of ()'s, start each sentence on a new line, etc.). Also, the "i.e. by USER" part may not be clear for non-native speakers, so you might want to be more explicit in the comment (don't use i.e. mainly). An updated patch can be found at http://www.FreeBSD.org/~jhb/patches/ftpd.8.patch.

--
John Baldwin -- http://www.FreeBSD.org/~jhb/
PGP Key: http://www.baldwin.cx/~john/pgpkey.asc
"Power Users Use the Power to Serve!" - http://www.FreeBSD.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message

From owner-freebsd-audit Thu Jan 4 11:30:10 2001
From owner-freebsd-audit@FreeBSD.ORG Thu Jan 4 11:30:07 2001
Return-Path:
Delivered-To: freebsd-audit@freebsd.org
Received: from mx1.colltech.com (ausproxy.colltech.com [208.229.236.19]) by hub.freebsd.org (Postfix) with ESMTP id 9335537B400; Thu, 4 Jan 2001 11:30:06 -0800 (PST)
Received: from mail2.colltech.com (mail2.colltech.com [208.229.236.41]) by mx1.colltech.com (8.9.3/8.9.3/not) with ESMTP id NAA16037; Thu, 4 Jan 2001 13:30:05 -0600
Received: from colltech.com (dhcp5212.wdc.colltech.com [10.20.5.212]) by mail2.colltech.com (8.9.3/8.9.3/not) with ESMTP id NAA23159; Thu, 4 Jan 2001 13:30:05 -0600
Message-ID: <3A54CF3C.98CA7BF@colltech.com>
Date: Thu, 04 Jan 2001 14:30:04 -0500
From: Daniel Hagan
X-Mailer: Mozilla 4.72 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: Guy Helmer , freebsd-security@freebsd.org, freebsd-audit@freebsd.org
Subject: Re: ftpd and anonymous setup (modified ftpd)
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Guy Helmer wrote:
> Does this do what I think it does -- it appears if I login as a "ro" user,
> then login again as a different (not "ro") user, the session will still be
> "ro"? Granted, this doesn't happen often, but it seems to violate POLA...

Yes, this is the way it works given this patch (it's also explicitly mentioned in the patch to the man page). If you reset the read-only setting here, you need to make a different flag for login.conf read-only caps and the -r read-only setting (since -r is daemon wide and should never be modified at run-time). If people think the POLA effect will be significant enough, I suppose I can rewrite the patch to do that instead.

Daniel

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message

From owner-freebsd-audit Thu Jan 4 12:30:31 2001
From owner-freebsd-audit@FreeBSD.ORG Thu Jan 4 12:30:28 2001
Return-Path:
Delivered-To: freebsd-audit@freebsd.org
Received: from mx1.colltech.com (ausproxy.colltech.com [208.229.236.19]) by hub.freebsd.org (Postfix) with ESMTP id 04A7237B404; Thu, 4 Jan 2001 12:30:28 -0800 (PST)
Received: from mail2.colltech.com (mail2.colltech.com [208.229.236.41]) by mx1.colltech.com (8.9.3/8.9.3/not) with ESMTP id OAA20572; Thu, 4 Jan 2001 14:30:27 -0600
Received: from colltech.com (dhcp5212.wdc.colltech.com [10.20.5.212]) by mail2.colltech.com (8.9.3/8.9.3/not) with ESMTP id OAA00648; Thu, 4 Jan 2001 14:30:26 -0600
Message-ID: <3A54DD5F.866B2FE2@colltech.com>
Date: Thu, 04 Jan 2001 15:30:24 -0500
From: Daniel Hagan
X-Mailer: Mozilla 4.72 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: Guy Helmer , freebsd-security@FreeBSD.ORG, freebsd-audit@FreeBSD.ORG
Subject: Re: ftpd and anonymous setup (modified ftpd)
References: <3A54CF3C.98CA7BF@colltech.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Well, since I've had more free time than I expected today, I went ahead and fixed the patch to conserve POLA. Instead of spamming it one more time, those interested can get it from http://vtopus.cs.vt.edu/~dhagan/freebsd/ftpd.patch

Daniel

Daniel Hagan wrote:
[snip]
> I suppose I can rewrite the patch to do that instead.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message