Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 23 Oct 1997 09:19:06 +0600 (ESS)
From:      Vasim Valejev <vasim@uddias.diaspro.com>
To:        FreeBSD-gnats-submit@FreeBSD.ORG
Subject:   bin/4829: ftpd does not check user's gid for groups entries in ftpchroot and ftpusers
Message-ID:  <199710230319.JAA28671@uddias.diaspro.com>
Resent-Message-ID: <199710230320.UAA24135@hub.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         4829
>Category:       bin
>Synopsis:       ftpd does not check user's gid for groups entries in ftpchroot and ftpusers
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 22 20:20:01 PDT 1997
>Last-Modified:
>Originator:     Vasim Valejev
>Organization:
DiasPro
>Release:        FreeBSD 2.2.2-RELEASE i386
>Environment:

	FreeBSD 2.2.2-RELEASE

>Description:

	ftpd does not chroot for users with group-id from group's entry in ftpchroot (will chroot only for usernames in /etc/ftpchroot and /etc/group)

>How-To-Repeat:


>Fix:
	

*** ftpd.c_orig	Thu Oct 23 08:36:56 1997
--- ftpd.c	Thu Oct 23 08:45:41 1997
***************
*** 848,851 ****
--- 848,852 ----
  	int found = 0;
  	char *p, line[BUFSIZ];
+ 	struct passwd *pwuser = NULL;
  
  	if ((fd = fopen(fname, "r")) != NULL) {
***************
*** 868,871 ****
--- 869,879 ----
  							grp->gr_mem[i++])
  							== 0;
+ 					if (!found)
+ 					{
+ 						if (!pwuser)
+ 							pwuser = getpwnam(name);
+ 						found = pwuser->pw_gid
+ 							== grp->gr_gid;
+ 					}
  				}
  				/*
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199710230319.JAA28671>