Date:      Fri, 7 Aug 1998 13:45:33 -0700 (PDT)
From:      Brian Tiemann <btman@ugcs.caltech.edu>
To:        stable@FreeBSD.ORG
Subject:   Re: [proftpd-l] New ProFTPd user - Security, Incoming and pwd.db? (fwd)
Message-ID:  <Pine.BSF.4.02.9808071344040.19350-100000@lionking.org>


	More on setpassent() ...

Brian

---------- Forwarded message ----------
Date: Fri, 7 Aug 1998 16:13:46 -0400
From: Floody <flood@evcom.net>
Reply-To: proftpd-l@evcom.net
To: Karl Pielorz <kpielorz@tdx.co.uk>,
    proftpd-l@evcom.net
Subject: Re: [proftpd-l] New ProFTPd user - Security, Incoming and pwd.db?

On Fri, Aug 07, 1998 at 07:02:13PM +0100, Karl Pielorz wrote:
> Floody wrote:
> 
> > Ok.  I put up a test FreeBSD 2.2.7 system.  There appears to be a libc
> > problem with the setpassent() function, which doesn't work on FreeBSD as
> > documented in the man pages (or on any other BSD).  This is the heart of
> > the problem.  There is no workaround until libc is fixed.
> > 
> > Sample code to demonstrate the problem, MUST be run as root:
> > [snip]
> 
> Hi,
> 
> OK - I've done some poking around, and it doesn't work on FreeBSD or Linux :-(
> 
> Is there anything it does work on? - The unanimous decision is that it is
> because once you've 'chrooted' you can't access the root /etc directory to read
> pwd.db
> 
> Some people have suggested a hardlink to create another 'pwd.db', others have
> suggested creating a fake pwd.db...
> 
> I'm just curious if you get this problem on all the platforms supported by
> ProFtpd?
> 
> Regards,
> 
> Karl

No, it doesn't work on Linux.  It's a BSD-ONLY libc function.  It isn't
used unless the top-level configure script detects its availability.
setpassent() is supposed to *force* the file descriptors associated w/
password database(s) to stay open at all times, which allows getpwent() 
and friends to work inside of a chroot() [assuming the associated files
have been previously opened]. 

I've tested this on OpenBSD, NetBSD and BSDI; all work as expected.
FreeBSD appears to be the only BSD that doesn't conform.

Irix has __pw_stayopen, which does essentially the same thing.  Linux has
no such beast, so the persistent internal routines must be used instead.
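
Added example, not part of the original message and not ProFTPD's code: one way to do a persistent lookup on a system without setpassent(), reading passwd(5)-format records through a stream that was opened before chroot() rather than re-opening a path afterwards. The names pw_rec, parse_id and pw_lookup are hypothetical, the sample record is constructed, and a path-less tmpfile() stands in for a passwd file whose path can no longer be reached.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
struct pw_rec { long uid, gid; char home[256]; };   /* hypothetical type */
/* Reject empty or non-numeric ids instead of letting them decay to 0 (root). */
static int parse_id(const char *s, long *out)
{
    char *end;
    *out = strtol(s, &end, 10);
    return (*s >= '0' && *s <= '9' && *end == '\0') ? 0 : -1;
}

/* Look up `name` in passwd(5)-format text through an ALREADY OPEN stream. No
 * path is resolved, so it still works after chroot(). Returns 0 or -1. */
int pw_lookup(FILE *db, const char *name, struct pw_rec *out)
{
    char line[1024], *f[7];
    if (!db || !name || !out) return -1;
    rewind(db);
    while (fgets(line, sizeof line, db)) {
        size_t len = strcspn(line, "\n");
        int n = 0, c;
        if (line[len] != '\n' && !feof(db)) {   /* over-long line: drop all of it */
            while ((c = fgetc(db)) != EOF && c != '\n') {}
            continue;
        }
        line[len] = '\0';
        for (char *p = line; n < 7; ) {         /* split on ':', keep empty fields */
            f[n++] = p;
            if (!(p = strchr(p, ':'))) break;
            *p++ = '\0';
        }
        if (n != 7 || strcmp(f[0], name) != 0) continue;
        if (strlen(f[5]) >= sizeof out->home || parse_id(f[2], &out->uid) ||
            parse_id(f[3], &out->gid)) return -1;
        strcpy(out->home, f[5]);
        return 0;
    }
    return -1;
}

int main(void)
{
    struct pw_rec r;
    FILE *db = tmpfile();   /* constructed sample; a daemon would fopen() its passwd file before chroot() */
    if (db) fputs("ftp:*:14:5::/var/ftp:/nonexistent\n", db);
    if (db && pw_lookup(db, "ftp", &r) == 0) printf("uid=%ld gid=%ld home=%s\n", r.uid, r.gid, r.home);
    return 0;
}
```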

