Date: Thu, 23 Oct 1997 09:19:06 +0600 (ESS) From: Vasim Valejev <vasim@uddias.diaspro.com> To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: bin/4829: ftpd does not check user's gid for groups entries in ftpchroot and ftpusers Message-ID: <199710230319.JAA28671@uddias.diaspro.com> Resent-Message-ID: <199710230320.UAA24135@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 4829
>Category: bin
>Synopsis: ftpd does not check user's gid for groups entries in ftpchroot and ftpusers
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Oct 22 20:20:01 PDT 1997
>Last-Modified:
>Originator: Vasim Valejev
>Organization:
DiasPro
>Release: FreeBSD 2.2.2-RELEASE i386
>Environment:
FreeBSD 2.2.2-RELEASE
>Description:
ftpd does not chroot for users with group-id from group's entry in ftpchroot (will chroot only for usernames in /etc/ftpchroot and /etc/group)
>How-To-Repeat:
>Fix:
*** ftpd.c_orig Thu Oct 23 08:36:56 1997
--- ftpd.c Thu Oct 23 08:45:41 1997
***************
*** 848,851 ****
--- 848,852 ----
int found = 0;
char *p, line[BUFSIZ];
+ struct passwd *pwuser = NULL;
if ((fd = fopen(fname, "r")) != NULL) {
***************
*** 868,871 ****
--- 869,879 ----
grp->gr_mem[i++])
== 0;
+ if (!found)
+ {
+ if (!pwuser)
+ pwuser = getpwnam(name);
+ found = pwuser->pw_gid
+ == grp->gr_gid;
+ }
}
/*
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199710230319.JAA28671>