Bug 198938

Summary: ftp/proftpd bug, chroot does not allow for access to or creation of folders named 'lib'
Product: Ports & Packages Reporter: Paul Macdonald <paul>
Component: Individual Port(s) Assignee: Martin Matuska <mm>
Status: Open ---    
Severity: Affects Many People CC: 000.fbsd, pi, w.schwarzenfeld
Priority: ---    
Version: Latest   
Hardware: amd64   
OS: Any   

Description Paul Macdonald 2015-03-26 22:53:43 UTC
FreeBSD

Proftpd with chroot on (default root ~) does not allow for the creation of, or uploading to, folders named 'lib'.

Upstream

To test if this is an upstream problem with proftpd, I have installed proftpd-basic_1.3.4a-5+deb7u2_armhf.deb onto a Raspberry Pi, but can create and upload to 'lib' folders there.

Additional

As many WordPress plugins use such folders, this is quite problematic.
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2015-03-27 02:58:42 UTC
Fix Summary and assign.
Comment 2 Kurt Jaeger freebsd_committer freebsd_triage 2015-03-30 13:51:15 UTC
There is a special case in src/fsio.c, mentioning

https://auscert.org.au/15286
https://auscert.org.au/15526

which basically says: We do not allow uploads to /etc and /lib if chrooted.

Those are old CERT alerts, so someone needs to check if proftpd on FreeBSD is
still vulnerable to that attack vector.
Comment 3 Paul Macdonald 2015-04-17 10:11:41 UTC
Not a fix, but as a workaround you can give users a login to a folder above, which makes it /parent/lib instead of /lib.
Comment 4 Miroslav Lachman 2015-05-20 16:28:40 UTC
It is sad, because we have hundreds of domains (FTP users) on our servers using ProFTPd, so we cannot change the directory layout, and some of our clients have been using ~/lib/ for libraries of PHP web applications for many years - and now they are inaccessible.
Comment 5 Walter Schwarzenfeld freebsd_triage 2018-01-12 21:54:25 UTC
Is this still relevant?
Comment 6 Miroslav Lachman 2018-01-12 22:58:29 UTC
(In reply to w.schwarzenfeld from comment #5)
Yes, it is still relevant for proftpd-1.3.6

"lib" cannot be created (or accessed):

Status:	Creating directory '/lib'...
Command:	MKD lib
Response:	550 lib: Permission denied
Command:	MKD /lib
Response:	550 /lib: Permission denied


"lib2" was successfully created:

Status:	Creating directory '/lib2'...
Status:	Retrieving directory listing of "/lib2"...
Status:	Directory listing of "/lib2" successful
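
The rule summarized in comment 2, the workaround in comment 3 and the responses in comment 6 can be modelled as follows. This is an added example, not code from ProFTPD's src/fsio.c: the function names, the lexical path resolution and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Top-level names refused for writes when chrooted, per the rule quoted in comment 2. */
static const char *guarded[] = { "etc", "lib" };

/* Lexically resolve arg against cwd (both chroot-relative). Returns 0 on success. */
static int resolve(const char *cwd, const char *arg, char *out, size_t outsz) {
    char buf[1024];
    size_t len = 1;
    int n = snprintf(buf, sizeof buf, "%s/%s", arg[0] == '/' ? "" : cwd, arg);
    if (n < 0 || (size_t)n >= sizeof buf || outsz < 2) return -1;
    out[0] = '/'; out[1] = '\0';
    for (char *tok = strtok(buf, "/"); tok; tok = strtok(NULL, "/")) {
        if (strcmp(tok, ".") == 0) continue;
        if (strcmp(tok, "..") == 0) {            /* drop the last component */
            char *slash = strrchr(out, '/');
            len = (slash == out) ? 1 : (size_t)(slash - out);
            out[len] = '\0';
            continue;
        }
        if (len + strlen(tok) + 2 > outsz) return -1;
        if (len > 1) out[len++] = '/';
        strcpy(out + len, tok);
        len += strlen(tok);
    }
    return 0;
}

/* 1 = write allowed inside the chroot, 0 = denied (the client sees a 550). */
static int chroot_write_allowed(const char *cwd, const char *arg) {
    char path[1024];
    if (resolve(cwd, arg, path, sizeof path) != 0) return 0;  /* fail closed */
    for (size_t i = 0; i < sizeof guarded / sizeof guarded[0]; i++) {
        size_t n = strlen(guarded[i]);
        if (strncmp(path + 1, guarded[i], n) == 0 &&
            (path[n + 1] == '\0' || path[n + 1] == '/'))
            return 0;
    }
    return 1;
}

int main(void) {
    /* Constructed cases: {cwd, MKD argument}. */
    const char *t[][2] = { {"/", "lib"}, {"/", "/lib"}, {"/", "lib2"}, {"/parent", "lib"} };
    for (size_t i = 0; i < sizeof t / sizeof t[0]; i++)
        printf("cwd=%-8s MKD %-6s -> %s\n", t[i][0], t[i][1],
               chroot_write_allowed(t[i][0], t[i][1]) ? "allowed" : "550 denied");
    return 0;
}
```

The match is on the whole first path component, which is why "lib2" passes while "lib" and "/lib" are refused, and why a login root one level up (/parent/lib) is not affected.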
Comment 7 Martin Matuska freebsd_committer freebsd_triage 2019-03-19 00:11:33 UTC
Did you consider using ftp/proftpd-mod_vroot?
http://www.castaglia.org/proftpd/modules/mod_vroot.html
Comment 8 Miroslav Lachman 2019-03-25 21:06:08 UTC
(In reply to Martin Matuska from comment #7)
No. And from the manpage I don't know how it should be configured to use the current directory layout but allow us to use the "lib" directory, as was possible back in the day.
ProFTPd is causing me more and more headaches (segfaulting regularly after midnight log rotation), so I am more and more inclined to switch to another FTP daemon with similar functionality.