Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 7 Aug 1998 13:45:33 -0700 (PDT)
From:      Brian Tiemann <btman@ugcs.caltech.edu>
To:        stable@FreeBSD.ORG
Subject:   Re: [proftpd-l] New ProFTPd user - Security, Incoming and pwd.db? (fwd)
Message-ID:  <Pine.BSF.4.02.9808071344040.19350-100000@lionking.org>
next in thread | raw e-mail | index | archive | help 


	More on setpassent() ...

Brian

---------- Forwarded message ----------
Date: Fri, 7 Aug 1998 16:13:46 -0400
From: Floody <flood@evcom.net>
Reply-To: proftpd-l@evcom.net
To: Karl Pielorz <kpielorz@tdx.co.uk>,
    proftpd-l@evcom.net
Subject: Re: [proftpd-l] New ProFTPd user - Security, Incoming and pwd.db?

On Fri, Aug 07, 1998 at 07:02:13PM +0100, Karl Pielorz wrote:
> Floody wrote:
> 
> > Ok.  I put up a test FreeBSD 2.2.7 system.  There appears to be a libc
> > problem with the setpassent() function, which doesn't work on FreeBSD as
> > documented in the man pages (or on any other BSD).  This is the heart of
> > the problem.  There is no workaround until libc is fixed.
> > 
> > Sample code to demonstrate the problem, MUST be run as root:
> > [snip]
> 
> Hi,
> 
> OK - I've done some poking around, and it doesn't work on FreeBSD or linux :-(
> 
> Is there anything it does work on? - The unanamous decision is that it is
> because once you've 'chrooted' you can't access the root /etc directory to read
> pwd.bd
> 
> Some people have suggested a hardlink to create another 'pwd.db', others have
> suggested creating a fake pwd.db...
> 
> I'm just curious if you get this problem on all the platforms supported by
> ProFtpd?
> 
> Regards,
> 
> Karl

No, it doesn't work on Linux.  It's a bsd-ONLY libc function.  It isn't
used unless the top-level configure script detects it's availability. 
setpassent() is supposed to *force* the file descriptors associated w/
password database(s) to stay open at all times, which allows getpwent() 
and friends to work inside of a chroot() [assuming the associated files
have been previously opened]. 

I've tested this on OpenBSD, NetBSD and BSDI; all work as expected.
FreeBSD appears to be the only BSD that doesn't conform.

Irix has __pw_stayopen, which does essentially the same thing.  Linux has
no such beast, so the persistent internal routines must be used instead.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.02.9808071344040.19350-100000>