| Summary: | "CWD" discloses the full "real" path in a chroot environment (FreeBSD 4.2-stable approx. December 11th) | ||
|---|---|---|---|
| Product: | Base System | Reporter: | me <me> |
| Component: | misc | Assignee: | freebsd-bugs (Nobody) <bugs> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | ||
| Priority: | Normal | ||
| Version: | 1.0-RELEASE | ||
| Hardware: | Any | ||
| OS: | Any | ||
Description
me
2001-01-03 03:30:01 UTC
It looks to me like this was fixed in r. 1.18 of ftpcmd.y (2000/11/26). I can't test it to be sure, but the log messages indicate something to that effect, and the code doesn't look like it should leak anymore. Perhaps someone should roll this back into STABLE as well (r. 1.16.x.x I think)?

Daniel

[Reposted s/t tracked by GNATS]
This patch fixes:
Index: ftpcmd.y
===================================================================
RCS file: /usr/cvs/src/libexec/ftpd/ftpcmd.y,v
retrieving revision 1.19
diff -u -r1.19 ftpcmd.y
--- ftpcmd.y 2000/12/16 19:19:19 1.19
+++ ftpcmd.y 2001/01/03 03:52:35
@@ -76,6 +76,7 @@
extern int logged_in;
extern struct passwd *pw;
extern int guest;
+extern int dochroot;
extern int paranoid;
extern int logging;
extern int type;
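Review bot: the new `extern int dochroot;` is one more hand-written declaration in this block of externs, so nothing ties its type to the definition. If the ftpd sources share a header, declaring it there once would let the compiler catch a mismatch.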
@@ -505,7 +506,7 @@
| CWD check_login CRLF
{
if ($2) {
- if (guest)
+ if (guest || dochroot)
cwd("/");
else
cwd(pw->pw_dir);
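Review bot: the `if (guest || dochroot)` test in the CWD rule carries no comment saying why a chrooted login must not fall through to `cwd(pw->pw_dir)`. A one-line note that pw_dir is the path outside the chroot (the disclosure named in the summary) would keep a later cleanup from dropping the check. This hunk covers only CWD with no argument, so it is also worth confirming that no other rule passes pw->pw_dir to cwd() or into a reply for a chrooted session.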
This should probably defer to bin/23944 now, as I have a patch that addresses both issues filed to 23944.

Daniel

State Changed From-To: open->closed

Closed in favour of bin/23944.