From owner-freebsd-bugs  Tue Jan 15  3:10: 8 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 8CDC537B402
	for <freebsd-bugs@hub.freebsd.org>; Tue, 15 Jan 2002 03:10:01 -0800 (PST)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g0FBA1f26702;
	Tue, 15 Jan 2002 03:10:01 -0800 (PST)
	(envelope-from gnats)
Date: Tue, 15 Jan 2002 03:10:01 -0800 (PST)
Message-Id: <200201151110.g0FBA1f26702@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: Ruslan Ermilov <ru@FreeBSD.org>
Subject: Re: misc/33910: user uploading files somehow overwrote /dev/null
Reply-To: Ruslan Ermilov <ru@FreeBSD.org>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org

The following reply was made to PR misc/33910; it has been noted by GNATS.

From: Ruslan Ermilov <ru@FreeBSD.org>
To: Russell Lahti <rjl@logicalhost.com>
Cc: bug-followup@FreeBSD.org
Subject: Re: misc/33910: user uploading files somehow overwrote /dev/null
Date: Tue, 15 Jan 2002 13:01:54 +0200

 On Mon, Jan 14, 2002 at 09:00:01PM -0800, Russell Lahti wrote:
 > 
 > /dev/null was now owned by his username, and basically broke the
 > whole machine until I remade /dev/null.
 > 
 > %ls -al /dev/null
 > -rw-r--r--   1 username   usergroup        29 Jan  7 07:31 null
 > 
 > Nobody else had access to his username, and the only way he had
 > accessed the system was with an ftp client and the machine is running stock ftpd.  I checked all of my logs extensively and nothing seems to be out of place.  The ftp transfer log doesn't contain anything relating to that PID, but the time frame does fit exactly for when
 > the file was over-written:
 > 
 > Jan  7 00:28:34 srv4 ftpd[91324]: delete /usr/home/username/www/user.html
 > ** file was over-written here**
 > Jan  7 00:28:48 srv4 ftpd[91609]: connection from internal (192.168.1.125)
 > 
 An owner of the /dev directory (or any user that has write permission)
 may delete /dev/null entry and create a regular file in place of it.
 Please verify that the ownership and permissions are set correctly for
 /dev.
 
 
 Cheers,
 -- 
 Ruslan Ermilov		Oracle Developer/DBA,
 ru@sunbay.com		Sunbay Software AG,
 ru@FreeBSD.org		FreeBSD committer,
 +380.652.512.251	Simferopol, Ukraine
 
 http://www.FreeBSD.org	The Power To Serve
 http://www.oracle.com	Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message