Date: Fri, 7 Aug 1998 13:45:33 -0700 (PDT)
From: Brian Tiemann
To: stable@FreeBSD.ORG
Subject: Re: [proftpd-l] New ProFTPd user - Security, Incoming and pwd.db? (fwd)

More on setpassent() ...

Brian

---------- Forwarded message ----------
Date: Fri, 7 Aug 1998 16:13:46 -0400
From: Floody
Reply-To: proftpd-l@evcom.net
To: Karl Pielorz, proftpd-l@evcom.net
Subject: Re: [proftpd-l] New ProFTPd user - Security, Incoming and pwd.db?

On Fri, Aug 07, 1998 at 07:02:13PM +0100, Karl Pielorz wrote:
> Floody wrote:
>
> > Ok. I put up a test FreeBSD 2.2.7 system. There appears to be a libc
> > problem with the setpassent() function, which doesn't work on FreeBSD as
> > documented in the man pages (or on any other BSD). This is the heart of
> > the problem. There is no workaround until libc is fixed.
> >
> > Sample code to demonstrate the problem, MUST be run as root:
>
> [snip]
>
> Hi,
>
> OK - I've done some poking around, and it doesn't work on FreeBSD or linux :-(
>
> Is there anything it does work on? - The unanimous decision is that it is
> because once you've 'chrooted' you can't access the root /etc directory to read
> pwd.db
>
> Some people have suggested a hardlink to create another 'pwd.db', others have
> suggested creating a fake pwd.db...
>
> I'm just curious if you get this problem on all the platforms supported by
> ProFtpd?
>
> Regards,
>
> Karl

No, it doesn't work on Linux. It's a bsd-ONLY libc function. It isn't used
unless the top-level configure script detects its availability.

setpassent() is supposed to *force* the file descriptors associated w/
password database(s) to stay open at all times, which allows getpwent() and
friends to work inside of a chroot() [assuming the associated files have
been previously opened].

I've tested this on OpenBSD, NetBSD and BSDI; all work as expected. FreeBSD
appears to be the only BSD that doesn't conform. Irix has __pw_stayopen,
which does essentially the same thing. Linux has no such beast, so the
persistent internal routines must be used instead.
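The fallback mentioned at the end of the forwarded message (a daemon keeping its own handle on the password file where libc has no setpassent()) can be sketched as follows. This is an added example, not ProFTPD's code and not part of the original thread; the function names, the sample entries and the temporary path are assumptions made for illustration.

```c
/* Added example; helper names are hypothetical, sample data is constructed. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Open by path BEFORE chroot(); afterwards the path no longer resolves. */
FILE *pw_open_persistent(const char *path) { return fopen(path, "r"); }
/* Scan "name:pw:uid:..." lines via the retained handle; 0 = found, -1 = not. */
int pw_lookup_uid(FILE *fp, long uid, char *name, size_t len)
{
    char line[512];                      /* assumes entries shorter than this */
    if (fp == NULL || len == 0) return -1;
    rewind(fp);
    while (fgets(line, sizeof line, fp) != NULL) {
        char *end = NULL, *p1 = strchr(line, ':');
        char *p2 = p1 ? strchr(p1 + 1, ':') : NULL;
        long v = p2 ? strtol(p2 + 1, &end, 10) : -1;
        if (p2 == NULL || end == p2 + 1 || *end != ':' || v != uid) continue;
        *p1 = '\0';
        snprintf(name, len, "%s", line);
        return 0;
    }
    return -1;
}

/* unlink() stands in for chroot() making /etc/passwd unreachable by name. */
int demo_lookup_after_path_gone(long uid, char *name, size_t len)
{
    static const char sample[] = "root:*:0:0:Charlie &:/root:/bin/sh\n"
                                 "ftp:*:14:5:Anonymous FTP:/var/ftp:/nonexistent\n";
    char path[] = "/tmp/pwdemoXXXXXX";
    int fd = mkstemp(path), rc;
    FILE *fp = NULL;
    if (fd < 0) return -1;
    if (write(fd, sample, sizeof sample - 1) == (ssize_t)(sizeof sample - 1))
        fp = pw_open_persistent(path);
    close(fd);
    unlink(path);                        /* name is gone, handle is not */
    rc = pw_lookup_uid(fp, uid, name, len);
    if (fp != NULL) fclose(fp);
    return rc;
}

int main(void)
{
    char name[64];
    return demo_lookup_after_path_gone(14, name, sizeof name) == 0 ? puts(name) == EOF : 1;
}
```

In a real daemon the handle would be opened on the system password file before chroot() and before dropping privileges, and only the lookup would run afterwards.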