From: Jamie Landeg Jones
Date: Mon, 12 Dec 2011 00:52:46 +0000
To: gabor@zahemszky.hu, delphij@gmail.com
Cc: freebsd-security@freebsd.org
Subject: Re: ftpd security issue ?

> > Are the following steps enough to prevent me?
> >
> > # for user in user1 user2 .... ; do
> > mkdir -p ~$user/lib ~$user/usr/lib ~$user/etc
> > chflags sunlink,schg ~$user/lib ~$user/usr ~$user/usr/lib ~$user/etc
> > done
> > #
>
> Yes that should be sufficient workaround.

I'd modify that to also check that the directories don't already exist, and delete/rename them if they do.

Currently, (if you ignore error messages) your script will not fix users who already potentially exploit the issue.

Cheers, Jamie
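One way to fold the suggestion above into the quoted workaround, as an added example that is not code from the thread or from FreeBSD: any pre-existing `lib`, `usr` or `etc` entry is renamed aside before fresh directories are created and flagged. The names `harden_home`, `has_schg`, `CHFLAGS`, `LSFLAGS` and the `.quarantined.` suffix are hypothetical, and the caller is assumed to run as root and pass each user's home directory.

```shell
#!/bin/sh
# Added example, not code from the thread. CHFLAGS and LSFLAGS are
# hypothetical overrides so the logic can be tried on a scratch tree.
: "${CHFLAGS:=chflags}"
: "${LSFLAGS:=ls -ldo}"   # FreeBSD ls -o prints file flags as field 5

# True if the entry already carries schg. Only root can set that flag,
# so a user cannot fake an "already hardened" directory.
has_schg() {
    $LSFLAGS "$1" 2>/dev/null | awk '{print $5}' | grep -q schg
}

# harden_home HOME_DIR
harden_home() {
    home=$1
    stamp=$(date +%Y%m%d%H%M%S).$$
    if [ ! -d "$home" ] || [ -L "$home" ]; then
        echo "skip: $home is not a real directory" >&2
        return 1
    fi
    for d in lib usr etc; do
        p=$home/$d
        # Absent (and not a dangling symlink): nothing to move aside.
        [ -e "$p" ] || [ -L "$p" ] || continue
        # Flagged by an earlier run: leave it in place.
        if [ -d "$p" ] && [ ! -L "$p" ] && has_schg "$p"; then
            continue
        fi
        # Pre-existing entry of unknown origin: rename it rather than
        # trust it, and log the new name so it can be reviewed.
        mv "$p" "$p.quarantined.$stamp" || return 1
        echo "quarantined: $p.quarantined.$stamp" >&2
    done
    # Same directories and flags as the quoted workaround.
    mkdir -p "$home/lib" "$home/usr/lib" "$home/etc" || return 1
    $CHFLAGS sunlink,schg "$home/lib" "$home/usr" "$home/usr/lib" "$home/etc"
}
```

The quarantine messages on stderr double as a list of accounts whose home directories already held one of these entries and are worth a closer look.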