From owner-freebsd-bugs Mon May 18 13:24:49 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA23802 for freebsd-bugs-outgoing; Mon, 18 May 1998 13:24:49 -0700 (PDT) (envelope-from owner-freebsd-bugs@FreeBSD.ORG) Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA23713 for ; Mon, 18 May 1998 13:24:29 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.8.8/8.8.5) id NAA20892; Mon, 18 May 1998 13:20:03 -0700 (PDT) Received: from gw.jmrodgers.com (gw.jmrodgers.com [205.247.224.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA22572 for ; Mon, 18 May 1998 13:20:30 -0700 (PDT) (envelope-from max@gw.jmrodgers.com) Received: (from max@localhost) by gw.jmrodgers.com (8.8.8/8.8.8) id QAA04914; Mon, 18 May 1998 16:20:00 -0400 (EDT) (envelope-from max) Message-Id: <199805182020.QAA04914@gw.jmrodgers.com> Date: Mon, 18 May 1998 16:20:00 -0400 (EDT) From: meuston@jmrodgers.com Reply-To: meuston@jmrodgers.com To: FreeBSD-gnats-submit@FreeBSD.ORG X-Send-Pr-Version: 3.2 Subject: bin/6682: [Patch] ftpd(8) does not check default group in config files Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 6682 >Category: bin >Synopsis: [Patch] ftpd(8) does not check default group in config files >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon May 18 13:20:01 PDT 1998 >Last-Modified: >Originator: Max Euston >Organization: >Release: FreeBSD 2.2.5-STABLE i386 >Environment: -STABLE (and -CURRENT w/ offset=7 lines) >Description: ftpd(8) allows '@gname' in /etc/ftpusers and /etc/ftpchroot to specify that group name 'gname' is A) not allowed to login or B) required to chroot to their home directory respectively. The program however, ONLY checks supplementary group names (in /etc/group), and NOT the default group (in /etc/passwd). [I have marked this PR "serious/high" since it is likely that there are other systems configured as mine was (until recently) that mistakenly either A) allowed unauthorized logins or B) allowed restricted users enhanced access.] >How-To-Repeat: Add an entry to /etc/ftpusers or /etc/ftpchroot and then 'vipw' to add a new user in the specified group. Try to ftp with that user id. >Fix: diff -u /usr/src/libexec/ftpd/ftpd.c ./ftpd.c --- /usr/src/libexec/ftpd/ftpd.c Fri Feb 20 17:19:38 1998 +++ ./ftpd.c Mon May 18 14:35:40 1998 @@ -234,7 +234,7 @@ #endif static void ack __P((char *)); static void myoob __P((int)); -static int checkuser __P((char *, char *)); +static int checkuser __P((char *, char *, int)); static FILE *dataconn __P((char *, off_t, char *)); static void dolog __P((struct sockaddr_in *)); static char *curdir __P((void)); @@ -777,8 +777,8 @@ guest = 0; if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) { - if (checkuser(_PATH_FTPUSERS, "ftp") || - checkuser(_PATH_FTPUSERS, "anonymous")) + if (checkuser(_PATH_FTPUSERS, "ftp", 0) || + checkuser(_PATH_FTPUSERS, "anonymous", 0)) reply(530, "User %s access denied.", name); #ifdef VIRTUAL_HOSTING else if ((pw = sgetpwnam(thishost->anonuser)) != NULL) { @@ -809,7 +809,7 @@ break; endusershell(); - if (cp == NULL || checkuser(_PATH_FTPUSERS, name)) { + if (cp == NULL || checkuser(_PATH_FTPUSERS, name, 1)) { reply(530, "User %s access denied.", name); if (logging) syslog(LOG_NOTICE, @@ -840,9 +840,10 @@ * Check if a user is in the file "fname" */ static int -checkuser(fname, name) +checkuser(fname, name, pwset) char *fname; char *name; + int pwset; { FILE *fd; int found = 0; @@ -863,6 +864,14 @@ if ((grp = getgrnam(line+1)) == NULL) continue; + /* + * Check user's default group + */ + if (pwset && grp->gr_gid == pw->pw_gid) + found = 1; + /* + * Check supplementary groups + */ while (!found && grp->gr_mem[i]) found = strcmp(name, grp->gr_mem[i++]) @@ -1009,7 +1018,7 @@ #ifdef LOGIN_CAP /* Allow login.conf configuration as well */ login_getcapbool(lc, "ftp-chroot", 0) || #endif - checkuser(_PATH_FTPCHROOT, pw->pw_name); + checkuser(_PATH_FTPCHROOT, pw->pw_name, 1); if (guest) { /* * We MUST do a chdir() after the chroot. Otherwise >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message