Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 19 Jun 2002 08:40:03 -0700 (PDT)
From:      Zak Johnson <zakj@nox.cx>
To:        freebsd-qa@FreeBSD.org
Subject:   Re: misc/25851: Security hole in anonymous FTP setup script
Message-ID:  <200206191540.g5JFe3j21818@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help
The following reply was made to PR misc/25851; it has been noted by GNATS.

From: Zak Johnson <zakj@nox.cx>
To: freebsd-gnats-submit@FreeBSD.org, tedm@toybox.placo.com
Cc:  
Subject: Re: misc/25851: Security hole in anonymous FTP setup script
Date: Wed, 19 Jun 2002 11:31:41 -0400

 This patch fixes the problem by stripping the user list from each line.
 
 --- release/sysinstall/anonFTP.c.orig	Thu Sep 27 02:38:32 2001
 +++ release/sysinstall/anonFTP.c	Wed Jun 19 11:26:36 2002
 @@ -298,7 +298,7 @@
  	if (DITEM_STATUS(createFtpUser()) == DITEM_SUCCESS) {
  	    msgNotify("Copying password information for anon FTP.");
  	    vsystem("awk -F: '{if ($3 < 10 || $1 == \"ftp\") print $0}' /etc/passwd > %s/etc/passwd && chmod 444 %s/etc/passwd", tconf.homedir, tconf.homedir);
 -	    vsystem("awk -F: '{if ($3 < 100) print $0}' /etc/group > %s/etc/group && chmod 444 %s/etc/group", tconf.homedir, tconf.homedir);
 +	    vsystem("awk -F: '!/^#/ {if ($3 < 100) printf \"%s:%s:%s:\\n\", $1, $2, $3}' /etc/group > %s/etc/group && chmod 444 %s/etc/group", tconf.homedir, tconf.homedir);
  	    vsystem("chown -R root.%s %s/pub", tconf.group, tconf.homedir);
  	}
  	else {
 
 -Zak

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-qa" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206191540.g5JFe3j21818>