Message-Id: <200401020249.i022ncGL042410@www.freebsd.org>
Date: Thu, 1 Jan 2004 18:49:38 -0800 (PST)
From: Alexander Melkov
To: freebsd-gnats-submit@FreeBSD.org
Subject: bin/60809: ftpd should not allow anonymous users to delete files [patch]

>Number: 60809
>Category: bin
>Synopsis: ftpd should not allow anonymous users to delete files [patch]
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jan 01 18:50:08 PST 2004
>Closed-Date:
>Last-Modified:
>Originator: Alexander Melkov
>Release: 4.9-STABLE
>Organization:
>Environment:
>Description:
As man ftpd says, "by default, anonymous users cannot modify existing files". Anyway, the current ftpd code allows them to delete existing files, provided that access rights are correct. This is, in effect, very much like allowing them to modify files. Combining SUIDDIR and the -M flag to ftpd is not a good workaround.
>How-To-Repeat:
Run /usr/libexec/ftpd -ADllS (may be other flags, but not -m). Create a mode 1777 incoming directory in an appropriate location. Using an ftp client, create and then delete a file in incoming.
>Fix:
ftpd.c is 1.62.2.51

melkov:/usr/src/libexec/ftpd# diff ftpd.c.orig ftpd.c
2450c2450
< if (unlink(name) < 0) {
---
> if ((guest && noguestmod) || unlink(name) < 0) {
>Release-Note:
>Audit-Trail:
>Unformatted:
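
Review bot: In the changed condition at line 2450, the policy refusal `(guest && noguestmod)` is folded into the same test as the `unlink(name) < 0` failure, so a refused anonymous delete takes the branch written for a failed system call. When the left side short-circuits, unlink() is never called and does not set errno, so any errno-based reply in that branch (the branch body is not shown in this diff) would report whatever stale value errno happens to hold. Suggest testing `guest && noguestmod` on its own before the unlink() call and sending an explicit permission-denied reply there. Also consider resubmitting as a unified diff (diff -u) so the hunk carries context and the enclosing function; with only `2450c2450` to go on, it will not apply once line numbers drift from revision 1.62.2.51.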