From: Fernando Schapachnik
Subject: Re: Proposed modification to ftpd
Date: Sun, 31 Dec 2000 16:54:09 -0300 (ART)
To: Chris Faulhaber
Cc: Fernando Schapachnik, security@freebsd.org
Message-Id: <200012311954.QAA71938@ns1.via-net-works.net.ar>
In-Reply-To: <20001231110840.A44549@earth.causticlabs.com> "from Chris Faulhaber at Dec 31, 2000 11:08:40 am"
Sender: owner-freebsd-security@FreeBSD.ORG

In an earlier message, Chris Faulhaber wrote:
> On Fri, Dec 29, 2000 at 01:29:45PM -0300, Fernando Schapachnik wrote:
> > Hello:
> > I just submitted PR bin/23944, which contains a patch against
> > 4.2R ftpd to add the following functionality to chrooted users: The
> > user's home dir is split by the first '/./'. The first part is
> > used to chroot, and the second to chdir (eg,
> > '/usr/local/www/data/site/./htdocs', means chroot to
> > /usr/local/www/data/site, and then chdir to htdocs).
> >
> Isn't it the client's responsibility to CWD ?

Should be, but if you are doing virtual hosting chances are that your
users will be clueless. A typical environment for a hosting site may
look like:

virtual_root/
virtual_root/htdocs
virtual_root/logs

So to avoid support calls ("I upload my .html, but I see nothing in my
browser"), you make them auto cd to htdocs.
This is why wu-ftpd includes this feature in the first place. So, if
you -like me- are tired of upgrading wu-ftpd because of security
problems every now and then, and have hundreds of virtual sites to
support, you'd better make it transparent to your users when you switch
daemons, or they will kill you.

Regards.

Fernando P. Schapachnik
Network Administration
VIA NET.WORKS ARGENTINA S.A.
fschapachnik@vianetworks.com.ar
Switchboard: (54-11) 4323-3333 - Support: 0810-333-AYUDA
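The home-directory convention quoted above ("chroot to the part before the first '/./', chdir to the part after it") is small enough to show in full. The C below is an added illustration written for this archive page; it is not the patch from PR bin/23944 nor FreeBSD ftpd's own code, and the helper names split_home() and enter_jail() are hypothetical. It covers the edge cases the one-line description leaves implicit (no marker at all, a marker with nothing after it, a marker at the very start) and, in enter_jail(), the one security-relevant ordering detail: after chroot() the process must always chdir() to a directory inside the new root, and a failed chdir() must abort the login rather than leave the session's working directory outside the jail.

```c
#define _DEFAULT_SOURCE 1
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not ftpd's code): split HOME on the first "/./".
 * root <- text before the marker (chroot target)
 * cwd  <- "/" plus text after the marker (initial directory inside the jail)
 * Without a marker the whole home dir is the jail and cwd is "/".
 * Returns 0 on success, -1 if the jail path would be empty or relative,
 * or if either output buffer is too small. */
int split_home(const char *home, char *root, size_t rootlen,
               char *cwd, size_t cwdlen)
{
    const char *mark = strstr(home, "/./");
    size_t rlen = mark ? (size_t)(mark - home) : strlen(home);
    /* mark + 2 points at the second '/' of "/./", so cwd keeps a leading
     * slash ("/htdocs") and a trailing "/./" yields cwd "/" */
    const char *rest = mark ? mark + 2 : "/";

    if (rlen == 0 || home[0] != '/')
        return -1;                       /* "/./htdocs" or "site/./x": no usable jail */
    if (rlen >= rootlen || strlen(rest) >= cwdlen)
        return -1;                       /* refuse to truncate a path silently */

    memcpy(root, home, rlen);
    root[rlen] = '\0';
    memcpy(cwd, rest, strlen(rest) + 1);
    return 0;
}

/* Hypothetical login step: confine the session.  Order matters: chroot()
 * does not change the working directory, so a chdir() inside the new root
 * is mandatory and its failure must end the login, not be ignored.
 * Requires privilege; returns 0 on success, -1 (with the reason in *why)
 * on failure. */
int enter_jail(const char *home, const char **why)
{
    char root[1024], cwd[1024];

    if (split_home(home, root, sizeof root, cwd, sizeof cwd) != 0) {
        *why = "malformed home directory";
        return -1;
    }
    if (chroot(root) != 0) {
        *why = "chroot failed";
        return -1;
    }
    if (chdir(cwd) != 0 && chdir("/") != 0) {
        /* Neither the requested dir nor the jail root is reachable:
         * the process cwd is still outside the jail, so bail out. */
        *why = "chdir after chroot failed";
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from any real system */
    const char *samples[] = {
        "/usr/local/www/data/site/./htdocs",
        "/home/plainuser",
        "/usr/local/www/data/site/./",
        "/./htdocs",
    };
    char root[256], cwd[256];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (split_home(samples[i], root, sizeof root, cwd, sizeof cwd) == 0)
            printf("%-36s -> chroot %-28s chdir %s\n", samples[i], root, cwd);
        else
            printf("%-36s -> rejected\n", samples[i]);
    }
    return 0;
}
```

split_home() only takes the first marker, so a home of "/a/./b/./c" jails at /a and starts in /b/./c, which chdir() resolves harmlessly. enter_jail() is shown for the ordering of the calls; it needs root privilege and is not exercised by main().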