From owner-freebsd-bugs  Wed Oct 22 20:20:04 1997
Return-Path: <owner-freebsd-bugs>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id UAA24162
          for bugs-outgoing; Wed, 22 Oct 1997 20:20:04 -0700 (PDT)
          (envelope-from owner-freebsd-bugs)
Received: (from gnats@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id UAA24135;
          Wed, 22 Oct 1997 20:20:02 -0700 (PDT)
          (envelope-from gnats)
Resent-Date: Wed, 22 Oct 1997 20:20:02 -0700 (PDT)
Resent-Message-Id: <199710230320.UAA24135@hub.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@FreeBSD.ORG, vasim@uddias.diaspro.com
Received: from uddias.diaspro.com (vasim@uddias.diaspro.com [194.84.211.1])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id UAA24078
          for <FreeBSD-gnats-submit@freebsd.org>; Wed, 22 Oct 1997 20:19:44 -0700 (PDT)
          (envelope-from vasim@uddias.diaspro.com)
Received: (from vasim@localhost)
	by uddias.diaspro.com (8.8.7/8.8.7) id JAA28671;
	Thu, 23 Oct 1997 09:19:06 +0600 (ESS)
Message-Id: <199710230319.JAA28671@uddias.diaspro.com>
Date: Thu, 23 Oct 1997 09:19:06 +0600 (ESS)
From: Vasim Valejev <vasim@uddias.diaspro.com>
Reply-To: vasim@uddias.diaspro.com
To: FreeBSD-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: bin/4829: ftpd does not check user's gid for groups entries in ftpchroot and ftpusers
Sender: owner-freebsd-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk


>Number:         4829
>Category:       bin
>Synopsis:       ftpd does not check user's gid for groups entries in ftpchroot and ftpusers
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 22 20:20:01 PDT 1997
>Last-Modified:
>Originator:     Vasim Valejev
>Organization:
DiasPro
>Release:        FreeBSD 2.2.2-RELEASE i386
>Environment:

	FreeBSD 2.2.2-RELEASE

>Description:

	ftpd does not chroot for users with group-id from group's entry in ftpchroot (will chroot only for usernames in /etc/ftpchroot and /etc/group)

>How-To-Repeat:


>Fix:
	

*** ftpd.c_orig	Thu Oct 23 08:36:56 1997
--- ftpd.c	Thu Oct 23 08:45:41 1997
***************
*** 848,851 ****
--- 848,852 ----
  	int found = 0;
  	char *p, line[BUFSIZ];
+ 	struct passwd *pwuser = NULL;
  
  	if ((fd = fopen(fname, "r")) != NULL) {
***************
*** 868,871 ****
--- 869,879 ----
  							grp->gr_mem[i++])
  							== 0;
+ 					if (!found)
+ 					{
+ 						if (!pwuser)
+ 							pwuser = getpwnam(name);
+ 						found = pwuser->pw_gid
+ 							== grp->gr_gid;
+ 					}
  				}
  				/*
>Audit-Trail:
>Unformatted: