bin/60809: ftpd should not allow anonymous users to delete files [patch]

Alexander Melkov melkov at comptek.ru
Thu Jan 1 18:50:15 PST 2004


>Number:         60809
>Category:       bin
>Synopsis:       ftpd should not allow anonymous users to delete files [patch]
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 01 18:50:08 PST 2004
>Closed-Date:
>Last-Modified:
>Originator:     Alexander Melkov
>Release:        4.9-STABLE
>Organization:
>Environment:
>Description:
As man ftpd says, "by default, anonymous users cannot modify existing files". Anyway, current ftpd code allows them to delete existing files, provided that access rights are correct.
This is, in effect, very much like allowing them to modify files.

Combining SUIDDIR and -M flag to ftpd is not a good workaround.
>How-To-Repeat:
run
/usr/libexec/ftpd -ADllS
(may be other flags, but not -m).

create mode 1777 incoming directory in appropriate location.

Using ftp client, create and then delete a file in incoming.

>Fix:
ftpd.c is 1.62.2.51
melkov:/usr/src/libexec/ftpd# diff ftpd.c.orig ftpd.c
2450c2450
<       if (unlink(name) < 0) {
---
>       if ((guest && noguestmod) || unlink(name) < 0) {
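Review bot: In the new condition at line 2450, when (guest && noguestmod) is true the || short-circuits and unlink(name) is never called, so errno is not set by this statement. If the body of this if reports the failure from errno, an anonymous client will be shown whatever error an earlier call left behind rather than a permission error. Consider handling the guest case in its own check ahead of the unlink() call and sending an explicit permission-denied reply there, or setting errno to EPERM before falling into the shared error path. A short comment saying that deletion is treated as modification under noguestmod would also help, since the man page sentence quoted in the description only speaks of modifying existing files.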

>Release-Note:
>Audit-Trail:
>Unformatted:

