Date: Thu, 4 Jan 2001 09:33:52 -0300 (ART) From: Fernando Schapachnik <fpscha@ns1.via-net-works.net.ar> To: Daniel Hagan <dhagan@colltech.com> Cc: Fernando Schapachnik <fschapachnik@vianetworks.com.ar>, Warner Losh <imp@bsdimp.com>, Roman Shterenzon <roman@xpert.com>, audit@FreeBSD.ORG Subject: Re: Proposed modification to ftpd Message-ID: <200101041233.JAA57529@ns1.via-net-works.net.ar> In-Reply-To: <3A5345CF.7AAB96A@colltech.com> "from Daniel Hagan at Jan 3, 2001 10:31:27 am"
next in thread | previous in thread | raw e-mail | index | archive | help
--ELM978611632-98677-0_ Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=ISO-8859-1 En un mensaje anterior, Daniel Hagan escribió: > [-security trimmed] > > Would you mind posting a copy of the new patch, or a URL link to it? > I'd like to see what is actually being proposed for the change. Sure. I'm attaching it. Regards. Fernando P. Schapachnik Administración de la red VIA NET.WORKS ARGENTINA S.A. fschapachnik@vianetworks.com.ar Conmutador: (54-11) 4323-3333 - Soporte: 0810-333-AYUDA --ELM978611632-98677-0_ Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=ISO-8859-1 Content-Disposition: attachment; filename=ftpd.patch --- ftpd.c.orig Mon Oct 23 17:57:54 2000 +++ ftpd.c Fri Dec 29 13:36:23 2000 @@ -185,6 +185,9 @@ char *pid_file = NULL; +/* WARNING: FTP_CHROOT_SEPARATOR *MUST* end in / */ +#define FTP_CHROOT_SEPARATOR "/./" + /* * Timeout intervals for retrying connections * to hosts that don't accept PORT cmds. This @@ -248,6 +251,7 @@ static char *sgetsave __P((char *)); static void reapchild __P((int)); static void logxfer __P((char *, long, long)); +static void get_chroot_and_cd_dirs __P((char *, char **, char **)); static char * curdir() @@ -1168,6 +1172,7 @@ { int rval; FILE *fd; + char *cd_dir, *chroot_dir; #ifdef LOGIN_CAP login_cap_t *lc = NULL; #endif @@ -1291,10 +1296,15 @@ goto bad; } } else if (dochroot) { - if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) { + get_chroot_and_cd_dirs(pw->pw_dir, &chroot_dir, &cd_dir); + if (chroot(chroot_dir) < 0 || chdir(cd_dir) < 0) { + free(chroot_dir); + free(cd_dir); reply(550, "Can't change root."); goto bad; } + free(chroot_dir); + free(cd_dir); } else if (chdir(pw->pw_dir) < 0) { if (chdir("/") < 0) { reply(530, "User %s: can't change directory to %s.", @@ -2789,5 +2799,49 @@ ctime(&now)+4, ident, remotehost, path, name, size, now - start + (now == start)); write(statfd, buf, strlen(buf)); + } +} + +/* + * Make a pointer to the chroot dir and another to the cd dir. + * The first is all the path up to the first FTP_CHROOT_SEPARATOR. + * The later is the remaining chars, not including the FTP_CHROOT_SEPARATOR, + * but prepending a '/'. + */ +static void +get_chroot_and_cd_dirs(user_home_dir, chroot_dir, cd_dir) + char *user_home_dir; + char **chroot_dir; + char **cd_dir; +{ + char *p; + + /* Make a pointer to first character of string FTP_CHROOT_SEPARATOR + inside user_home_dir. */ + p = (char *) strstr(user_home_dir, FTP_CHROOT_SEPARATOR); + if (p == NULL) { + /* + * There is not FTP_CHROOT_SEPARATOR string inside + * user_home_dir. Return user_home_dir as chroot_dir, + * and "/" as cd_dir. + */ + if ((*chroot_dir = (char *) strdup(user_home_dir)) == NULL) + fatal("Ran out of memory."); + if ((*cd_dir = (char *) strdup("/")) == NULL) + fatal("Ran out of memory."); + } else { + /* + * Use strlen(user_home_dir) as maximun length for + * both cd_dir and chroot_dir, as both are substrings of + * user_home_dir. + */ + if ((*chroot_dir = malloc(strlen(user_home_dir))) == NULL) + fatal("Ran out of memory."); + if ((*cd_dir = malloc(strlen(user_home_dir))) == NULL) + fatal("Ran out of memory."); + (void) strncpy(*chroot_dir, user_home_dir, p-user_home_dir); + /* Skip FTP_CHROOT_SEPARATOR (except the last /). */ + p += strlen(FTP_CHROOT_SEPARATOR)-1; + (void) strncpy(*cd_dir, p, strlen(p)); } } --- ftpd.8.orig Fri Dec 29 12:53:21 2000 +++ ftpd.8 Fri Dec 29 12:55:51 2000 @@ -298,13 +298,14 @@ or the user is a member of a group with a group entry in this file, i.e. one prefixed with .Ql \&@ , -the session's root will be changed to the user's login directory by +the session's root will be changed to the user's login directory (up to the first /./) by .Xr chroot 2 as for an .Dq anonymous or .Dq ftp account (see next item). +The user is placed into the directory that remainds after stripping the former from the user's login directory. This facility may also be triggered by enabling the boolean "ftp-chroot" capability in .Xr login.conf 5 . --ELM978611632-98677-0_-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200101041233.JAA57529>