Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 3 Jan 2001 03:56:06 +0000 (GMT)
From:      George Reid <greid@ukug.uk.freebsd.org>
To:        me@me.me.com
Cc:        freebsd-bugs@freebsd.org
Subject:   Re: misc/24034: "CWD" discloses the full "real" path in a chroot environment (freebsd 4.2-stable aprox december 11th)
Message-ID:  <Pine.BSF.4.21.0101030354330.29361-100000@sobek.openirc.co.uk>
In-Reply-To: <200101030326.f033QDa61649@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

On Tue, 2 Jan 2001 me@me.me.com wrote:

> >Description:
> A user in the /etc/ftpchroot file shouldn't be able to disclose the "Real" directory they are in.
> >How-To-Repeat:
> 1) Connect to a freebsd ftp server /w a valid account that is chrooted (i.e. the ftp "/" directory is really "/somedir/whatever/")
> 2) "CWD" will show you 550 CWD /somedir/whatever/[servername]: no such file or directory

This patch fixes:

Index: ftpcmd.y
===================================================================
RCS file: /usr/cvs/src/libexec/ftpd/ftpcmd.y,v
retrieving revision 1.19
diff -u -r1.19 ftpcmd.y
--- ftpcmd.y	2000/12/16 19:19:19	1.19
+++ ftpcmd.y	2001/01/03 03:52:35
@@ -76,6 +76,7 @@
 extern	int logged_in;
 extern	struct passwd *pw;
 extern	int guest;
+extern	int dochroot;
 extern 	int paranoid;
 extern	int logging;
 extern	int type;
@@ -505,7 +506,7 @@
 	| CWD check_login CRLF
 		{
 			if ($2) {
-				if (guest)
+				if (guest || dochroot)
 					cwd("/");
 				else
 					cwd(pw->pw_dir);



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0101030354330.29361-100000>