From owner-freebsd-audit Thu Jan 4 4:34:37 2001 From owner-freebsd-audit@FreeBSD.ORG Thu Jan 4 04:34:33 2001 Return-Path: Delivered-To: freebsd-audit@freebsd.org Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id BCAF537B400 for ; Thu, 4 Jan 2001 04:34:31 -0800 (PST) Received: (from fpscha@localhost) by ns1.via-net-works.net.ar (8.9.3/8.9.3) id JAA57529; Thu, 4 Jan 2001 09:33:53 -0300 (ART) From: Fernando Schapachnik Message-Id: <200101041233.JAA57529@ns1.via-net-works.net.ar> Subject: Re: Proposed modification to ftpd In-Reply-To: <3A5345CF.7AAB96A@colltech.com> "from Daniel Hagan at Jan 3, 2001 10:31:27 am" To: Daniel Hagan Date: Thu, 4 Jan 2001 09:33:52 -0300 (ART) Cc: Fernando Schapachnik , Warner Losh , Roman Shterenzon , audit@FreeBSD.ORG Reply-To: Fernando Schapachnik X-Mailer: ELM [version 2.4ME+ PL82 (25)] MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=ELM978611632-98677-0_ Content-Transfer-Encoding: 8bit Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --ELM978611632-98677-0_ Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=ISO-8859-1 En un mensaje anterior, Daniel Hagan escribió: > [-security trimmed] > > Would you mind posting a copy of the new patch, or a URL link to it? > I'd like to see what is actually being proposed for the change. Sure. I'm attaching it. Regards. Fernando P. Schapachnik Administración de la red VIA NET.WORKS ARGENTINA S.A. fschapachnik@vianetworks.com.ar Conmutador: (54-11) 4323-3333 - Soporte: 0810-333-AYUDA --ELM978611632-98677-0_ Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=ISO-8859-1 Content-Disposition: attachment; filename=ftpd.patch
--- ftpd.c.orig Mon Oct 23 17:57:54 2000
+++ ftpd.c Fri Dec 29 13:36:23 2000
@@ -185,6 +185,9 @@
 char *pid_file = NULL;
+/* WARNING: FTP_CHROOT_SEPARATOR *MUST* end in / */
+#define FTP_CHROOT_SEPARATOR "/./"
+
 /*
 * Timeout intervals for retrying connections
 * to hosts that don't accept PORT cmds. This
@@ -248,6 +251,7 @@
 static char *sgetsave __P((char *));
 static void reapchild __P((int));
 static void logxfer __P((char *, long, long));
+static void get_chroot_and_cd_dirs __P((char *, char **, char **));
 static char * curdir()
@@ -1168,6 +1172,7 @@
 {
 int rval;
 FILE *fd;
+ char *cd_dir, *chroot_dir;
 #ifdef LOGIN_CAP
 login_cap_t *lc = NULL;
 #endif
@@ -1291,10 +1296,15 @@
 goto bad;
 }
 } else if (dochroot) {
- if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) {
+ get_chroot_and_cd_dirs(pw->pw_dir, &chroot_dir, &cd_dir);
+ if (chroot(chroot_dir) < 0 || chdir(cd_dir) < 0) {
+ free(chroot_dir);
+ free(cd_dir);
 reply(550, "Can't change root.");
 goto bad;
 }
+ free(chroot_dir);
+ free(cd_dir);
 } else if (chdir(pw->pw_dir) < 0) {
 if (chdir("/") < 0) {
 reply(530, "User %s: can't change directory to %s.",
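Review bot: The combined test `chroot(chroot_dir) < 0 || chdir(cd_dir) < 0` in the `dochroot` branch still answers "Can't change root." when chroot() succeeded and only the chdir() into the part after the separator failed. That second call can now fail for a reason the old constant "/" could not, because its argument comes from parsing pw_dir. Checking the two calls separately keeps the diagnostic accurate, for example a second arm `else if (chdir(cd_dir) < 0) { reply(550, "Can't change directory."); goto bad; }` (the message text is only a suggestion). The enclosing function starts and ends outside this hunk, so what the `bad` label does once the process is already chrooted is not visible here.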
@@ -2789,5 +2799,49 @@
 ctime(&now)+4, ident, remotehost, path, name, size, now - start + (now == start));
 write(statfd, buf, strlen(buf));
+ }
+}
+
+/*
+ * Make a pointer to the chroot dir and another to the cd dir.
+ * The first is all the path up to the first FTP_CHROOT_SEPARATOR.
+ * The later is the remaining chars, not including the FTP_CHROOT_SEPARATOR,
+ * but prepending a '/'.
+ */
+static void
+get_chroot_and_cd_dirs(user_home_dir, chroot_dir, cd_dir)
+ char *user_home_dir;
+ char **chroot_dir;
+ char **cd_dir;
+{
+ char *p;
+
+ /* Make a pointer to first character of string FTP_CHROOT_SEPARATOR
+ inside user_home_dir. */
+ p = (char *) strstr(user_home_dir, FTP_CHROOT_SEPARATOR);
+ if (p == NULL) {
+ /*
+ * There is not FTP_CHROOT_SEPARATOR string inside
+ * user_home_dir. Return user_home_dir as chroot_dir,
+ * and "/" as cd_dir.
+ */
+ if ((*chroot_dir = (char *) strdup(user_home_dir)) == NULL)
+ fatal("Ran out of memory.");
+ if ((*cd_dir = (char *) strdup("/")) == NULL)
+ fatal("Ran out of memory.");
+ } else {
+ /*
+ * Use strlen(user_home_dir) as maximun length for
+ * both cd_dir and chroot_dir, as both are substrings of
+ * user_home_dir.
+ */
+ if ((*chroot_dir = malloc(strlen(user_home_dir))) == NULL)
+ fatal("Ran out of memory.");
+ if ((*cd_dir = malloc(strlen(user_home_dir))) == NULL)
+ fatal("Ran out of memory.");
+ (void) strncpy(*chroot_dir, user_home_dir, p-user_home_dir);
+ /* Skip FTP_CHROOT_SEPARATOR (except the last /). */
+ p += strlen(FTP_CHROOT_SEPARATOR)-1;
+ (void) strncpy(*cd_dir, p, strlen(p));
 }
 }
--- ftpd.8.orig Fri Dec 29 12:53:21 2000
+++ ftpd.8 Fri Dec 29 12:55:51 2000
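Review bot: In the `else` branch of get_chroot_and_cd_dirs() neither output string is NUL-terminated. `strncpy(*chroot_dir, user_home_dir, p-user_home_dir)` stops before the source's terminator, `strncpy(*cd_dir, p, strlen(p))` copies exactly the characters and no terminator, and both buffers come from malloc(), which does not zero them. The `dochroot` hunk passes these strings straight to chroot() and chdir(), so the directory that becomes the session's root depends on whatever bytes follow the copied prefix on the heap. Sizing the root buffer for its own substring, terminating it explicitly and duplicating the tail with strdup() removes the problem, as in the rewritten branch below. With that change a pw_dir that begins with the separator yields an empty root string, which chroot() rejects.

```c
	/* … unchanged: strstr() lookup and the p == NULL branch … */
	} else {
		size_t root_len = (size_t)(p - user_home_dir);

		/* Room for the prefix before the separator plus its NUL. */
		if ((*chroot_dir = malloc(root_len + 1)) == NULL)
			fatal("Ran out of memory.");
		memcpy(*chroot_dir, user_home_dir, root_len);
		(*chroot_dir)[root_len] = '\0';
		/* Skip FTP_CHROOT_SEPARATOR (except the last /). */
		p += strlen(FTP_CHROOT_SEPARATOR)-1;
		/* The tail is already NUL-terminated inside user_home_dir. */
		if ((*cd_dir = strdup(p)) == NULL)
			fatal("Ran out of memory.");
	}
```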
@@ -298,13 +298,14 @@
 or the user is a member of a group with a group entry in this file, i.e. one prefixed with
 .Ql \&@ ,
-the session's root will be changed to the user's login directory by
+the session's root will be changed to the user's login directory (up to the first /./) by
 .Xr chroot 2
 as for an
 .Dq anonymous
 or
 .Dq ftp
 account (see next item).
+The user is placed into the directory that remainds after stripping the former from the user's login directory.
 This facility may also be triggered by enabling the boolean "ftp-chroot" capability in
 .Xr login.conf 5 .
--ELM978611632-98677-0_--
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message