Date: Tue, 15 Sep 1998 18:47:37 PDT From: Bill Fenner <fenner@parc.xerox.com> To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: bin/7943: ftpd: ~ is ~root! Message-ID: <199809160147.SAA00908@mango.parc.xerox.com>
next in thread | raw e-mail | index | archive | help
>Number: 7943 >Category: bin >Synopsis: ftpd: ~ is ~root! >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Sep 15 18:50:00 PDT 1998 >Last-Modified: >Originator: Bill Fenner >Organization: Xerox >Release: FreeBSD 2.2.6-RELEASE i386 >Environment: FreeBSD 2.2.6 >Description: ftpd makes sure to set $HOME in the environment so that glob() can glob ~ correctly. However, glob() ignores the environment if issetugid(), and ftpd setuid()'s to the user so issetugid() is true. >How-To-Repeat: ftp freebsd-machine log in cd / cd ~ pwd >Fix: have ftpd setlogin(), so that the other method of globbing ~ works. inetd has already done setsid(), so asking setusercontext() to setlogin() is safe (I think!). --- /usr/src/libexec/ftpd/ftpd.c Wed Dec 24 11:13:47 1997 +++ ftpd.c Tue Sep 15 18:47:06 1998 @@ -988,7 +988,8 @@ } } setusercontext(lc, pw, (uid_t)0, - LOGIN_SETGROUP|LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK); + LOGIN_SETLOGIN|LOGIN_SETGROUP|LOGIN_SETPRIORITY| + LOGIN_SETRESOURCES|LOGIN_SETUMASK); #else (void) initgroups(pw->pw_name, pw->pw_gid); #endif @@ -1037,12 +1038,6 @@ reply(550, "Can't set uid."); goto bad; } - - /* - * Set home directory so that use of ~ (tilde) works correctly. - */ - if (getcwd(homedir, MAXPATHLEN) != NULL) - setenv("HOME", homedir, 1); /* * Display a login message, if it exists. >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199809160147.SAA00908>