Date: Wed, 3 Jan 2001 03:56:06 +0000 (GMT) From: George Reid <greid@ukug.uk.freebsd.org> To: me@me.me.com Cc: freebsd-bugs@freebsd.org Subject: Re: misc/24034: "CWD" discloses the full "real" path in a chroot environment (freebsd 4.2-stable aprox december 11th) Message-ID: <Pine.BSF.4.21.0101030354330.29361-100000@sobek.openirc.co.uk> In-Reply-To: <200101030326.f033QDa61649@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 2 Jan 2001 me@me.me.com wrote: > >Description: > A user in the /etc/ftpchroot file shouldn't be able to disclose the "Real" directory they are in. > >How-To-Repeat: > 1) Connect to a freebsd ftp server /w a valid account that is chrooted (i.e. the ftp "/" directory is really "/somedir/whatever/") > 2) "CWD" will show you 550 CWD /somedir/whatever/[servername]: no such file or directory This patch fixes: Index: ftpcmd.y =================================================================== RCS file: /usr/cvs/src/libexec/ftpd/ftpcmd.y,v retrieving revision 1.19 diff -u -r1.19 ftpcmd.y --- ftpcmd.y 2000/12/16 19:19:19 1.19 +++ ftpcmd.y 2001/01/03 03:52:35 @@ -76,6 +76,7 @@ extern int logged_in; extern struct passwd *pw; extern int guest; +extern int dochroot; extern int paranoid; extern int logging; extern int type; @@ -505,7 +506,7 @@ | CWD check_login CRLF { if ($2) { - if (guest) + if (guest || dochroot) cwd("/"); else cwd(pw->pw_dir); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0101030354330.29361-100000>