From owner-freebsd-bugs Tue Dec 7 21:50:03 1999
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id B98A215060 for ; Tue, 7 Dec 1999 21:50:01 -0800 (PST) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id VAA39104; Tue, 7 Dec 1999 21:50:01 -0800 (PST) (envelope-from gnats@FreeBSD.org)
Received: by hub.freebsd.org (Postfix, from userid 32767) id D7ED514BD4; Tue, 7 Dec 1999 21:49:45 -0800 (PST)
Message-Id: <19991208054945.D7ED514BD4@hub.freebsd.org>
Date: Tue, 7 Dec 1999 21:49:45 -0800 (PST)
From: greyleaf@home.net
To: freebsd-gnats-submit@freebsd.org
X-Send-Pr-Version: www-1.0
Subject: misc/15351: Normal users can overwrite important system files via ftp.
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number:         15351
>Category:       misc
>Synopsis:       Normal users can overwrite important system files via ftp.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 7 21:50:01 PST 1999
>Closed-Date:
>Last-Modified:
>Originator:     Jim Cole
>Release:        3.2
>Organization:
>Environment:
FreeBSD loki.yggdrasill.net 3.2-RELEASE FreeBSD 3.2-RELEASE #0: Sun Sep 12 13:45:31 MDT 1999 root@loki.yggdrasill.net:/usr/src/sys/compile/LOKI_1 i386
>Description:
It is possible, as a normal user, to use the ftp client to overwrite system files with modes of 0664 and group wheel (such as log files in /var/log). This is true for at least the stock ftp distributed with the 3.2 release.
>How-To-Repeat:
As a normal user, ftp to another UNIX machine that includes, say, /var/log/messages. Do a bin and then a get /var/log/messages. At the end of the download, there will be a message stating that the modification time of the file couldn't be changed; however, the old file is overwritten. In all cases the ftp was initiated from the user's home directory.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
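The overwrite in this report only works because the target file is group-writable (mode 0664, group wheel) and the user belongs to that group. The following audit script is an added example, not part of PR 15351 or the FreeBSD source; it lists the files under a directory that the invoking user could overwrite purely through the group-write bit, and assumes POSIX sh, find(1) with -perm, and either GNU or BSD stat(1).

```shell
#!/bin/sh
# Added example, not part of PR 15351: list regular files under a directory that
# the invoking user could overwrite purely through the group-write bit, i.e. the
# precondition the report relies on (mode 0664, group wheel, user in wheel).
# Assumes POSIX sh, find(1) with -perm, and either GNU or BSD stat(1).

# group_writable_files DIR: regular files under DIR with the group-write bit set.
group_writable_files() {
    find "$1" -type f -perm -020 2>/dev/null
}

# file_group FILE: group name of FILE (GNU stat, falling back to BSD stat).
file_group() {
    stat -c '%G' "$1" 2>/dev/null || stat -f '%Sg' "$1"
}

# in_group GROUP: succeed if the invoking user is a member of GROUP.
in_group() {
    for g in $(id -Gn); do
        [ "$g" = "$1" ] && return 0
    done
    return 1
}

# overwritable_via_group DIR: print "FILE (group G)" for each file under DIR
# that the current user can overwrite only because of group write permission.
overwritable_via_group() {
    group_writable_files "$1" | while IFS= read -r f; do
        grp=$(file_group "$f")
        if in_group "$grp"; then
            printf '%s (group %s)\n' "$f" "$grp"
        fi
    done
}

# count_overwritable DIR: number of such files (0 means the directory is clean).
count_overwritable() {
    overwritable_via_group "$1" | wc -l | tr -d ' '
}

# Usage (run as the unprivileged account you want to check):
#   overwritable_via_group /var/log
#   count_overwritable /var/log
```

Run it as the unprivileged account in question; a non-zero count for /var/log means that account can clobber logs with nothing more than a stray write, ftp client or otherwise.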