Bug 117922 - ftpd(8): remote ftp user possible leave chrooted environment in 7.0-BETA2
Summary: ftpd(8): remote ftp user possible leave chrooted environment in 7.0-BETA2
Status: Closed Overcome By Events
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: 7.0-BETA2
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-bugs (Nobody)
Reported: 2007-11-08 13:30 UTC by Igor Marijko
Modified: 2024-11-17 03:46 UTC

Description Igor Marijko 2007-11-08 13:30:01 UTC
ftpd included in FreeBSD allows a remote ftp user to leave the chrooted (via
/etc/ftpchroot) environment within the bounds of the partition.

Bug also present in 5.4-RELEASE and 6.2-RELEASE (and may be in other versions)

How-To-Repeat: Using default installations,
uncomment the next line in /etc/inetd.conf
ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -ll 
add line 'inetd_enable="YES"' to /etc/rc.conf

and start inetd using '/etc/rc.d/inetd start'

create new user, for example 'admin'
and add login of this user to /etc/ftpchroot

After that using any ftp client (FAR manager) connect to our ftpd as
'admin'. Create on ftp any directory and 'cd' into it.

If the user is in some folder (user session root changed to /home/admin)
and in the meantime this directory has been moved by another user outside the
chroot directory (/home/admin) within the bounds of the partition (to
"/usr/local/www/data" for example), the ftp user going out of the directory
(cd ..) leaves the chroot directory and is granted access to files on the partition.
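
The condition in the report above, a directory renamed out from under the chroot root while a session is inside it, can be detected by walking `..` from the directory's descriptor and checking whether the root is met before the top of the tree. The C code below is an added example, not part of the original report or of FreeBSD ftpd; `dir_is_beneath` and `demo` are hypothetical names, and `demo` builds a constructed directory layout under /tmp.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not FreeBSD ftpd code. 1: dirfd is root_fd or below it;
 * 0: walking ".." hit the top of the tree first (moved out); -1: error. */
int dir_is_beneath(int root_fd, int dirfd)
{
    struct stat root, cur, prev = {0};
    int fd, parent, i, result = -1;

    if (fstat(root_fd, &root) == -1 || (fd = dup(dirfd)) == -1)
        return -1;
    for (i = 0; result < 0 && i < 4096 && fstat(fd, &cur) == 0; i++) {
        if (cur.st_dev == root.st_dev && cur.st_ino == root.st_ino) {
            result = 1;         /* met the root on the way up */
        } else if (i > 0 && cur.st_dev == prev.st_dev &&
                   cur.st_ino == prev.st_ino) {
            result = 0;         /* ".." led back to the same node: tree top */
        } else if ((parent = openat(fd, "..", O_RDONLY | O_DIRECTORY)) == -1) {
            break;
        } else {
            prev = cur;
            close(fd);
            fd = parent;
        }
    }
    close(fd);
    return result;
}

/* Constructed scenario: jail/work is held open, then optionally renamed to a
 * sibling of jail on the same partition. Changes the process cwd. */
int demo(int move_out)
{
    char top[] = "/tmp/ftpchk.XXXXXX";
    int jfd, wfd, r;
    if (mkdtemp(top) == NULL || chdir(top) == -1 ||
        mkdir("jail", 0700) == -1 || mkdir("jail/work", 0700) == -1)
        return -1;
    jfd = open("jail", O_RDONLY | O_DIRECTORY);
    wfd = open("jail/work", O_RDONLY | O_DIRECTORY);
    r = (move_out && rename("jail/work", "moved") == -1)
            ? -1 : dir_is_beneath(jfd, wfd);
    close(jfd);
    close(wfd);
    return r;
}
```

A rename that races with the walk can still change the answer afterwards, so this is a detection aid to run before honouring a `cd ..`, not a complete fix.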
Comment 1 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 08:01:00 UTC
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped
Comment 2 Mark Linimon freebsd_committer freebsd_triage 2024-11-17 03:46:31 UTC
^Triage: I'm sorry that this PR did not get addressed in a timely fashion.

By now, the version that it was created against is long out of support.
Please re-open if it is still a problem on a supported version.