Date: Thu, 4 Jan 2001 09:33:52 -0300 (ART) From: Fernando Schapachnik <fpscha@ns1.via-net-works.net.ar> To: Daniel Hagan <dhagan@colltech.com> Cc: Fernando Schapachnik <fschapachnik@vianetworks.com.ar>, Warner Losh <imp@bsdimp.com>, Roman Shterenzon <roman@xpert.com>, audit@FreeBSD.ORG Subject: Re: Proposed modification to ftpd Message-ID: <200101041233.JAA57529@ns1.via-net-works.net.ar> In-Reply-To: <3A5345CF.7AAB96A@colltech.com> "from Daniel Hagan at Jan 3, 2001 10:31:27 am"
next in thread | previous in thread | raw e-mail | index | archive | help
--ELM978611632-98677-0_
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=ISO-8859-1
En un mensaje anterior, Daniel Hagan escribió:
> [-security trimmed]
>
> Would you mind posting a copy of the new patch, or a URL link to it?
> I'd like to see what is actually being proposed for the change.
Sure. I'm attaching it.
Regards.
Fernando P. Schapachnik
Administración de la red
VIA NET.WORKS ARGENTINA S.A.
fschapachnik@vianetworks.com.ar
Conmutador: (54-11) 4323-3333 - Soporte: 0810-333-AYUDA
--ELM978611632-98677-0_
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: attachment; filename=ftpd.patch
--- ftpd.c.orig Mon Oct 23 17:57:54 2000
+++ ftpd.c Fri Dec 29 13:36:23 2000
@@ -185,6 +185,9 @@
char *pid_file = NULL;
+/* WARNING: FTP_CHROOT_SEPARATOR *MUST* end in / */
+#define FTP_CHROOT_SEPARATOR "/./"
+
/*
* Timeout intervals for retrying connections
* to hosts that don't accept PORT cmds. This
@@ -248,6 +251,7 @@
static char *sgetsave __P((char *));
static void reapchild __P((int));
static void logxfer __P((char *, long, long));
+static void get_chroot_and_cd_dirs __P((char *, char **, char **));
static char *
curdir()
@@ -1168,6 +1172,7 @@
{
int rval;
FILE *fd;
+ char *cd_dir, *chroot_dir;
#ifdef LOGIN_CAP
login_cap_t *lc = NULL;
#endif
@@ -1291,10 +1296,15 @@
goto bad;
}
} else if (dochroot) {
- if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) {
+ get_chroot_and_cd_dirs(pw->pw_dir, &chroot_dir, &cd_dir);
+ if (chroot(chroot_dir) < 0 || chdir(cd_dir) < 0) {
+ free(chroot_dir);
+ free(cd_dir);
reply(550, "Can't change root.");
goto bad;
}
+ free(chroot_dir);
+ free(cd_dir);
} else if (chdir(pw->pw_dir) < 0) {
if (chdir("/") < 0) {
reply(530, "User %s: can't change directory to %s.",
@@ -2789,5 +2799,49 @@
ctime(&now)+4, ident, remotehost,
path, name, size, now - start + (now == start));
write(statfd, buf, strlen(buf));
+ }
+}
+
+/*
+ * Make a pointer to the chroot dir and another to the cd dir.
+ * The first is all the path up to the first FTP_CHROOT_SEPARATOR.
+ * The later is the remaining chars, not including the FTP_CHROOT_SEPARATOR,
+ * but prepending a '/'.
+ */
+static void
+get_chroot_and_cd_dirs(user_home_dir, chroot_dir, cd_dir)
+ char *user_home_dir;
+ char **chroot_dir;
+ char **cd_dir;
+{
+ char *p;
+
+ /* Make a pointer to first character of string FTP_CHROOT_SEPARATOR
+ inside user_home_dir. */
+ p = (char *) strstr(user_home_dir, FTP_CHROOT_SEPARATOR);
+ if (p == NULL) {
+ /*
+ * There is not FTP_CHROOT_SEPARATOR string inside
+ * user_home_dir. Return user_home_dir as chroot_dir,
+ * and "/" as cd_dir.
+ */
+ if ((*chroot_dir = (char *) strdup(user_home_dir)) == NULL)
+ fatal("Ran out of memory.");
+ if ((*cd_dir = (char *) strdup("/")) == NULL)
+ fatal("Ran out of memory.");
+ } else {
+ /*
+ * Use strlen(user_home_dir) as maximun length for
+ * both cd_dir and chroot_dir, as both are substrings of
+ * user_home_dir.
+ */
+ if ((*chroot_dir = malloc(strlen(user_home_dir))) == NULL)
+ fatal("Ran out of memory.");
+ if ((*cd_dir = malloc(strlen(user_home_dir))) == NULL)
+ fatal("Ran out of memory.");
+ (void) strncpy(*chroot_dir, user_home_dir, p-user_home_dir);
+ /* Skip FTP_CHROOT_SEPARATOR (except the last /). */
+ p += strlen(FTP_CHROOT_SEPARATOR)-1;
+ (void) strncpy(*cd_dir, p, strlen(p));
}
}
--- ftpd.8.orig Fri Dec 29 12:53:21 2000
+++ ftpd.8 Fri Dec 29 12:55:51 2000
@@ -298,13 +298,14 @@
or the user is a member of a group with a group entry in this file,
i.e. one prefixed with
.Ql \&@ ,
-the session's root will be changed to the user's login directory by
+the session's root will be changed to the user's login directory (up to the first /./) by
.Xr chroot 2
as for an
.Dq anonymous
or
.Dq ftp
account (see next item).
+The user is placed into the directory that remainds after stripping the former from the user's login directory.
This facility may also be triggered by enabling the boolean "ftp-chroot"
capability in
.Xr login.conf 5 .
--ELM978611632-98677-0_--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200101041233.JAA57529>