Date: Mon, 12 Dec 2011 00:52:46 +0000
From: Jamie Landeg Jones <jamie@bishopston.net>
To: gabor@zahemszky.hu, delphij@gmail.com
Cc: freebsd-security@freebsd.org
Subject: Re: ftpd security issue ?
Message-ID: <201112120052.pBC0qkov014205@catflap.bishopston.net>
In-Reply-To: <CAGMYy3vZ9CjuboiQsuGnYLZPpbAMMCQScsu9toXLpOyWAdAA3A@mail.gmail.com>
References: <4ED68B4D.4020004@sentex.net> <4ED69B7E.50505@frasunek.com>
 <4ED6C3C6.5030402@delphij.net> <4ED6D1CD.9080700@sentex.net>
 <4ED6D577.9010007@delphij.net> <4ED6DA75.30604@sentex.net>
 <4EE131B8.7040000@sentex.net> <c081e4612df771d59c1dc2870d99d7b9@zahemszky.hu>
 <CAGMYy3vZ9CjuboiQsuGnYLZPpbAMMCQScsu9toXLpOyWAdAA3A@mail.gmail.com>
> > Are the following steps enough to prevent me?
> >
> > # for user in user1 user2 .... ; do
> > mkdir -p ~$user/lib ~$user/usr/lib ~$user/etc
> > chflags sunlink,schg ~$user/lib ~$user/usr ~$user/usr/lib ~$user/etc
> > done
> > #
>
> Yes that should be sufficient workaround.

I'd modify that to also check that the directories don't already exist,
and delete/rename them if they do.

Currently, (if you ignore error messages) your script will not fix users
who already potentially exploit the issue.

Cheers, Jamie
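
Added example, not part of the original message and not FreeBSD project code: one way to apply the suggestion above, renaming any pre-existing lib, usr or etc entry in a home directory before creating and flagging fresh ones. The function names, the .quarantined suffix and the CHFLAGS override are assumptions made for this example; home directories are looked up with getent rather than ~$user.

```shell
#!/bin/sh
# Added example (assumed names throughout): quarantine, then lock.
# CHFLAGS is a hypothetical override so the logic can be dry-run on a
# system without chflags(1); on FreeBSD leave it unset.
CHFLAGS=${CHFLAGS:-chflags}

# home_of USER: print the home directory recorded in the passwd database.
home_of() {
    getent passwd "$1" | cut -d: -f6
}

# lock_home HOME_DIR
# Renames any existing lib, usr or etc entry out of the way, recreates the
# directories from the quoted loop and sets the same flags on them.
# Prints one "quarantined <old> -> <new>" line per entry that was moved.
lock_home() {
    home=$1
    if [ ! -d "$home" ]; then
        echo "skip: $home is not a directory" >&2
        return 1
    fi
    stamp=$(date +%Y%m%d%H%M%S).$$
    for top in lib usr etc; do
        path=$home/$top
        # -L also catches dangling symlinks, which -e reports as absent.
        if [ -e "$path" ] || [ -L "$path" ]; then
            mv "$path" "$path.quarantined.$stamp" || return 1
            echo "quarantined $path -> $path.quarantined.$stamp"
        fi
    done
    mkdir -p "$home/lib" "$home/usr/lib" "$home/etc" || return 1
    "$CHFLAGS" sunlink,schg "$home/lib" "$home/usr" "$home/usr/lib" "$home/etc"
}

# Usage (run as root; user1 and user2 are placeholders):
#   for u in user1 user2; do lock_home "$(home_of "$u")"; done
```

The printed "quarantined" lines identify accounts that already had one of these entries, so the renamed copies can be reviewed before they are deleted.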
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201112120052.pBC0qkov014205>
