| Summary: | [patch] security hole in anonymous FTP setup script | ||
|---|---|---|---|
| Product: | Base System | Reporter: | tedm <tedm> |
| Component: | bin | Assignee: | Ceri Davies <ceri> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | ||
| Priority: | Normal | ||
| Version: | Unspecified | ||
| Hardware: | Any | ||
| OS: | Any | ||
Description
tedm
2001-03-16 11:10:01 UTC
Responsible Changed From-To: freebsd-bugs->sysinstall
jkh is Mr sysinstall

Responsible Changed From-To: sysinstall->jkh
Mr sysinstall is jkh

Responsible Changed From-To: jkh->eric
Eric handles these now

Responsible Changed From-To: eric->freebsd-qa
assign idle sysinstall bugs to freebsd-qa, as suggested by murray

This patch fixes the problem by stripping the user list from each line.
--- release/sysinstall/anonFTP.c.orig Thu Sep 27 02:38:32 2001
+++ release/sysinstall/anonFTP.c Wed Jun 19 11:26:36 2002
@@ -298,7 +298,7 @@
if (DITEM_STATUS(createFtpUser()) == DITEM_SUCCESS) {
msgNotify("Copying password information for anon FTP.");
vsystem("awk -F: '{if ($3 < 10 || $1 == \"ftp\") print $0}' /etc/passwd > %s/etc/passwd && chmod 444 %s/etc/passwd", tconf.homedir, tconf.homedir);
- vsystem("awk -F: '{if ($3 < 100) print $0}' /etc/group > %s/etc/group && chmod 444 %s/etc/group", tconf.homedir, tconf.homedir);
+ vsystem("awk -F: '!/^#/ {if ($3 < 100) printf \"%s:%s:%s:\\n\", $1, $2, $3}' /etc/group > %s/etc/group && chmod 444 %s/etc/group", tconf.homedir, tconf.homedir);
vsystem("chown -R root.%s %s/pub", tconf.group, tconf.homedir);
}
else {
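Review bot: The `%s` conversions inside the awk `printf` on the `+` line are not escaped, so vsystem() takes them as its own format conversions: the string then carries five `%s` while only two arguments (tconf.homedir twice) are passed, and awk never receives the intended format. Write them as `%%s:%%s:%%s:` so that a literal `%s` reaches awk.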
-Zak
Sorry, there was an error in the previous patch.
-Zak
--- anonFTP.c.orig Thu Sep 27 02:38:32 2001
+++ anonFTP.c Wed Jun 19 15:43:02 2002
@@ -298,7 +298,7 @@
if (DITEM_STATUS(createFtpUser()) == DITEM_SUCCESS) {
msgNotify("Copying password information for anon FTP.");
vsystem("awk -F: '{if ($3 < 10 || $1 == \"ftp\") print $0}' /etc/passwd > %s/etc/passwd && chmod 444 %s/etc/passwd", tconf.homedir, tconf.homedir);
- vsystem("awk -F: '{if ($3 < 100) print $0}' /etc/group > %s/etc/group && chmod 444 %s/etc/group", tconf.homedir, tconf.homedir);
+ vsystem("awk -F: '!/^#/ {if ($3 < 100) printf \"%%s:%%s:%%s:\\n\", $1, $2, $3}' /etc/group > %s/etc/group && chmod 444 %s/etc/group", tconf.homedir, tconf.homedir);
vsystem("chown -R root.%s %s/pub", tconf.group, tconf.homedir);
}
else {
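Review bot: Nothing at the `+` line says why the fourth field of /etc/group is dropped, so a later cleanup could easily restore `print $0`. Add a short C comment above the call stating that the member list is deliberately left out of the copy written under tconf.homedir, and that lines starting with `#` are skipped.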
Here is an update patch that works.
Index: anonFTP.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/sysinstall/anonFTP.c,v
retrieving revision 1.35
diff -u -r1.35 anonFTP.c
--- anonFTP.c 16 Nov 2004 19:06:42 -0000 1.35
+++ anonFTP.c 30 Dec 2005 14:31:39 -0000
@@ -299,7 +299,7 @@
vsystem("awk -F: '{if ((substr($1, 1, 1) != \"+\") && (substr($1, 1, 1) != \"-\") && ($3 < 10 || $1 == \"ftp\")) print $0}' /etc/master.passwd > %s/etc/master.passwd", tconf.homedir);
vsystem("/usr/sbin/pwd_mkdb -d %s/etc %s/etc/master.passwd && chmod 444 %s/etc/pwd.db", tconf.homedir, tconf.homedir, tconf.homedir);
vsystem("rm -f %s/etc/master.passwd %s/etc/spwd.db", tconf.homedir, tconf.homedir);
- vsystem("awk -F: '{if ((substr($1, 1, 1) != \"+\") && (substr($1, 1, 1) != \"-\") && ($3 < 100)) print $0}' /etc/group > %s/etc/group && chmod 444 %s/etc/group", tconf.homedir, tconf.homedir);
+ vsystem("awk -F: '!/^#/ {if ((substr($1, 1, 1) != \"+\") && (substr($1, 1, 1) != \"-\") && ($3 < 100)) printf \"%%s:%%s:%%s:\\n\", $1, $2, $3}' /etc/group > %s/etc/group && chmod 444 %s/etc/group", tconf.homedir, tconf.homedir);
vsystem("chown -R root.%s %s/pub", tconf.group, tconf.homedir);
}
else {
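Review bot: On the `+` line, `$3 < 100` is also true when `$3` is empty, so a blank or short line in /etc/group passes the test and is now written out as `:::` instead of being copied unchanged. Guard the action with `NF >= 3`, and consider folding the three prefix tests into a single pattern such as `$1 !~ /^[#+-]/` to keep the command readable.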
Responsible Changed From-To: freebsd-qa->ceri
I have an updated patch for this.

State Changed From-To: open->patched
Patched in -HEAD, thanks.

State Changed From-To: patched->closed
Pulled back to RELENG_5 and RELENG_6. Thank you.