From owner-freebsd-bugs@FreeBSD.ORG Mon Feb 13 12:50:06 2006
Return-Path:
X-Original-To: freebsd-bugs@hub.freebsd.org
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F124D16A422 for ; Mon, 13 Feb 2006 12:50:05 +0000 (GMT) (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id AE92C43D49 for ; Mon, 13 Feb 2006 12:50:04 +0000 (GMT) (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k1DCo4Ud078660 for ; Mon, 13 Feb 2006 12:50:04 GMT (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k1DCo4Pq078655; Mon, 13 Feb 2006 12:50:04 GMT (envelope-from gnats)
Resent-Date: Mon, 13 Feb 2006 12:50:04 GMT
Resent-Message-Id: <200602131250.k1DCo4Pq078655@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, "Vadim S. Goncharov"
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 692AD16A420 for ; Mon, 13 Feb 2006 12:45:14 +0000 (GMT) (envelope-from vadim@hostel.avtf.net)
Received: from oasis.cctpu.edu.ru (oasis.cctpu.edu.ru [195.208.174.128]) by mx1.FreeBSD.org (Postfix) with ESMTP id DD0CB43D48 for ; Mon, 13 Feb 2006 12:45:12 +0000 (GMT) (envelope-from vadim@hostel.avtf.net)
Received: from hostel.avtf.net (hostel.avtf.net [82.117.64.190]) by oasis.cctpu.edu.ru (8.11.3/8.11.3) with ESMTP id k1DCj4W34685 for ; Mon, 13 Feb 2006 19:45:05 +0700 (KRAT) (envelope-from vadim@hostel.avtf.net)
Received: from hostel.avtf.net (localhost [127.0.0.1]) by hostel.avtf.net (8.13.4/8.13.4) with ESMTP id k1DCipCc046297 for ; Mon, 13 Feb 2006 18:44:52 +0600 (NOVT) (envelope-from vadim@hostel.avtf.net)
Received: (from vadim@localhost) by hostel.avtf.net (8.13.4/8.13.4/Submit) id k1DCinJS046295; Mon, 13 Feb 2006 18:44:49 +0600 (NOVT) (envelope-from vadim)
Message-Id: <200602131244.k1DCinJS046295@hostel.avtf.net>
Date: Mon, 13 Feb 2006 18:44:49 +0600 (NOVT)
From: "Vadim S. Goncharov"
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc:
Subject: conf/93284: Insecure placement of user ftp into operator group (.snap directories access)
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: "Vadim S. Goncharov"
List-Id: Bug reports
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 13 Feb 2006 12:50:06 -0000

>Number:         93284
>Category:       conf
>Synopsis:       Insecure placement of user ftp into operator group (.snap directories access)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 13 12:50:03 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Vadim S. Goncharov
>Release:        FreeBSD 5.4-STABLE i386
>Organization:
AVTF TPU Hostel, Tomsk, Russia
>Environment:
System: FreeBSD hostel.avtf.net 5.4-STABLE FreeBSD 5.4-STABLE #2: Tue Jan 31 15:05:09 NOVT 2006 vadim@hostel.avtf.net:/usr/obj/usr/src/sys/HOSTEL i386
>Description:
sysinstall(8) asks (when configuring) about enabling anonymous ftp, and if so, creates user ftp with uid 14 and places it into group operator (gid 5). But UFS2 partitions after newfs by default have a .snap subdirectory with root:operator ownership and mode 775. Thus, if you create a separate partition for your ftp (good practice), .snap will be writable by anonymous users, even if all other data on your ftp is in read-only public access (very bad). As a side effect, placing the ftp user in such an important system group as operator can have other security implications.
>How-To-Repeat:
Answer "yes" to the question about enabling anonymous ftp and mount an earlier created (at disklabel stage) UFS2 partition on /var/ftp - anonymous users will be able to write to the .snap subdirectory.
>Fix:
Create group ftp with gid=21 and assign this group as primary for user ftp. The suggested src/conf fix is to make a default separate group for ftp already in the base system (and teach sysinstall about it), as is already done with users www, news, etc.
>Release-Note:
>Audit-Trail:
>Unformatted:
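The following audit script is an added example and is not part of the PR or of FreeBSD; it demonstrates the check the report implies: given passwd(5)/group(5) contents and a stat-style listing of the ftp tree, it lists every path the ftp user can write to through owner, group or world permission bits. The passwd, group and listing contents are constructed inline to mirror the two layouts the PR describes (ftp in group operator, gid 5, versus ftp in its own group, gid 21), so the script runs offline; the listing format (octal mode, uid, gid, path) and the helper names `gids_of`, `writable_by`, `run_audit`, `audit_default` and `audit_fixed` are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the PR): audit which paths under an anonymous ftp
# tree a given user can write to, from passwd/group files and a listing of
# "<octal mode> <uid> <gid> <path>" lines. Paths are assumed to contain no
# whitespace. On FreeBSD such a listing can be produced with stat(1), e.g.
#   find /var/ftp -exec stat -f '%Mp%Lp %u %g %N' {} +
set -u

# gids_of USER PASSWD GROUP: print the user's primary gid plus every
# supplementary gid from the group file, one per line, deduplicated.
gids_of() {
  awk -F: -v u="$1" '
    FNR == NR { if ($1 == u) print $4; next }     # passwd: primary gid
    { n = split($4, m, ",")                       # group: member list
      for (i = 1; i <= n; i++) if (m[i] == u) print $3 }
  ' "$2" "$3" | sort -u
}

# writable_by USER PASSWD GROUP LISTING: print each path USER may write to.
# A permission digit d has the write bit set when (d % 4) >= 2.
writable_by() {
  uid=$(awk -F: -v u="$1" '$1 == u { print $3 }' "$2")
  gids=$(gids_of "$1" "$2" "$3" | tr '\n' ' ')
  awk -v uid="$uid" -v gids="$gids" '
    BEGIN { n = split(gids, g, " "); for (i = 1; i <= n; i++) mine[g[i]] = 1 }
    {
      perm = substr($1, length($1) - 2)           # last three octal digits
      o = substr(perm, 1, 1); gp = substr(perm, 2, 1); w = substr(perm, 3, 1)
      if ((w % 4) >= 2)                    { print $4; next }  # world-writable
      if (($3 in mine) && (gp % 4) >= 2)   { print $4; next }  # group-writable, member
      if ($2 == uid && (o % 4) >= 2)       { print $4 }        # owner-writable
    }
  ' "$4"
}

# run_audit GID: build a constructed sample where user ftp has primary gid GID
# and the ftp partition carries the default root:operator 0775 .snap directory,
# then report what ftp can write to.
run_audit() {
  tmp=$(mktemp -d)
  cat > "$tmp/passwd" <<EOF
root:*:0:0:Charlie &:/root:/bin/sh
ftp:*:14:$1:Anonymous FTP Admin:/var/ftp:/usr/sbin/nologin
EOF
  cat > "$tmp/group" <<'EOF'
wheel:*:0:root
operator:*:5:root
ftp:*:21:
EOF
  # constructed listing of a freshly newfs'ed partition mounted on /var/ftp
  cat > "$tmp/listing" <<'EOF'
0755 0 0 /var/ftp
0775 0 5 /var/ftp/.snap
0755 0 0 /var/ftp/pub
0644 0 0 /var/ftp/pub/README
EOF
  writable_by ftp "$tmp/passwd" "$tmp/group" "$tmp/listing"
  rm -rf "$tmp"
}

audit_default() { run_audit 5; }   # sysinstall default: ftp in operator
audit_fixed()   { run_audit 21; }  # PR's fix: ftp in its own group

echo "writable by ftp with ftp in operator (gid 5):"
audit_default
echo "writable by ftp with ftp in group ftp (gid 21):"
audit_fixed
```

With ftp in group operator the audit reports /var/ftp/.snap; after moving ftp to its own group nothing on the read-only tree is reported. On a live system, replace the constructed files with /etc/passwd, /etc/group and a real stat listing of the ftp partition.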