Date: Wed, 25 Oct 2000 02:47:07 +0300
From: Giorgos Keramidas
To: David Harnick-Shapiro
Cc: John.Place@rrd.com, freebsd-questions@FreeBSD.ORG
Subject: Re: Anonymous FTP and Symlinks
Message-ID: <20001025024707.A13508@hades.hell.gr>
References: <20001024235125.B6932@hades.hell.gr> <200010242304.QAA26853@irv1-mail2.intelenet.net>
In-Reply-To: <200010242304.QAA26853@irv1-mail2.intelenet.net>; from davidhs@intelenet.net on Tue, Oct 24, 2000 at 04:04:25PM -0700

On Tue, Oct 24, 2000 at 04:04:25PM -0700, David Harnick-Shapiro wrote:
>
> I may have missed something here, but why not just use relative,
> instead of absolute, symlinks? As long as the target file and
> the directory you're ftp-ing from have the same relationship to
> each other under the "real" root and the chroot-ed root, that
> should work.
>
> For example, if /home/user1/ftpdir/mylink is a symlink to
> "/home/user2/ftpdir/realfile", and you chroot to /home, that
> path breaks. But if mylink is a symlink to
> ../../user2/ftpdir/realfile, that path works in both cases.
> (In the normal case, ../.. is "/home", and in the chrooted case,
> ../.. is "/", but it works in each case.)

I think you do miss a point here. When you chroot("/home/ftp"), then
your `/' directory becomes /home/ftp. One of the interesting properties
of / as a directory is that `.' and `..' are the very same thing,
i.e. no matter how many times you `cd ..' when you are in /, you remain
in that same / directory.

This means that if you chroot("/home/ftp"), and you find a link named
"doc" in there that points to a relative path of "../charon/doc", the
two ".." dots are effectively meaningless after you chroot, and
"../charon/doc" is in fact a pointer to "./charon/doc" which of course
does not exist within the chrooted environment.

To back my claims up, I tested this in my 4.1.1 installation:

    # cd ~ftp
    # ln -s ../charon/doc
    % ftp localhost
    Connected to localhost.
    220 localhost FTP server (Version 6.00LS) ready.
    Name (localhost:charon): ftp
    331 Guest login ok, send your email address as password.
    Password:
    230 Guest login ok, access restrictions apply.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> dir
    150 Opening ASCII mode data connection for '/bin/ls'.
    total 3
    dr-xr-xr-x  2 root  wheel  512 Oct 18 21:30 bin
    lrwxr-xr-x  1 root  wheel   13 Oct 24 23:40 doc -> ../charon/doc
    dr-xr-xr-x  2 root  wheel  512 Oct 19 22:49 etc
    dr-xr-xr-x  5 root  wheel  512 Oct 19 22:48 pub
    226 Transfer complete.
    ftp> cd doc
    550 doc: No such file or directory.

--
Giorgos Keramidas, < keramida @ ceid . upatras . gr >
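Added example, not part of the original message and not code from FreeBSD's ftpd: a Python check that resolves symlink targets the way they are seen after chroot (".." at the new root stays at the root) and lists the links under an FTP root that would dangle there. The function names and the temporary directory tree are constructed for illustration; resolution is lexical and assumes no intermediate symlinks need following.

```python
import os
import posixpath
import tempfile

def resolve_in_chroot(link_dir, target):
    """Resolve a symlink target lexically; all paths are relative to the chroot root.

    Simplification (assumption): intermediate symlinks are not followed.
    """
    start = "/" if target.startswith("/") else link_dir
    parts = [p for p in start.split("/") if p]
    for comp in target.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if parts:          # at "/" there is nothing above: ".." stays at "/"
                parts.pop()
        else:
            parts.append(comp)
    return "/" + "/".join(parts)

def broken_links(root):
    """List (link, target, path seen after chroot) for links that dangle inside root."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        link_dir = posixpath.normpath("/" + os.path.relpath(dirpath, root))
        for name in sorted(dirnames + filenames):
            full = os.path.join(dirpath, name)
            if not os.path.islink(full):
                continue
            target = os.readlink(full)
            seen = resolve_in_chroot(link_dir, target)
            if not os.path.lexists(os.path.join(root, seen.lstrip("/"))):
                found.append((posixpath.join(link_dir, name), target, seen))
    return found

def demo():
    """Constructed tree modelled on the session above: ~ftp/doc -> ../charon/doc."""
    with tempfile.TemporaryDirectory() as tmp:
        ftp = os.path.join(tmp, "home", "ftp")
        for d in ("home/charon/doc", "home/ftp/bin", "home/ftp/etc", "home/ftp/pub"):
            os.makedirs(os.path.join(tmp, d))
        os.symlink("../charon/doc", os.path.join(ftp, "doc"))   # target outside the root
        os.symlink("../etc", os.path.join(ftp, "pub", "conf"))  # target inside the root
        return broken_links(ftp)

if __name__ == "__main__":
    for link, target, seen in demo():
        print(f"{link} -> {target}: resolves to {seen} after chroot, which does not exist")
```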