Bugtraq mailing list archives
wu-ftpd beta 13 Upload Ownership/Permissions Bug
From: mbrennen () fni com (Michael Brennen)
Date: Thu, 19 Jun 1997 23:55:52 -0500
There is a potentially serious bug in ftpd.c in wu-ftpd beta 13. I have no idea if it exists in previous betas. I don't think this was a problem in beta 11, but I've not kept any older source. If you are not running beta 13, check this against your source.

During anonymous login, the /./ is not clipped off the struct passwd pw->pw_dir field that is saved as the chroot directory in ftpd.c. Because the /./ is still on the end of the pw->pw_dir field, upl_check() 'upload' directive processing will fail in extensions.c because the file name paths will not compare. It is highly unlikely that the upload directive root path would also have the /./ on the end.

If upload directive processing fails for the anonymous user, sites that depend on upload directives to properly set incoming file permissions could find their site security compromised. For example, it is fairly common to set incoming files to not be readable to the anonymous user; this prevents files from being traded through an anonymous site without the permission of the owner. With this bug, all uploaded files are owned by the anonymous user, with default permissions set by CMASK.

The patch below is my version of a fix. In testing so far it has fixed the problem. It may apply with an offset of 1; I'm not sure my ftpd.c source is pristine. The patch has been sent to academ.com.

-- Michael

--- ftpd.c.orig Thu Jun 19 22:59:21 1997 +++ ftpd.c Thu Jun 19 23:01:26 1997 @@ -1560,12 +1560,7 @@ pw->pw_dir = sgetsave(virtual_root); } #endif - if (anonymous) { - if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) { - reply(550, "Can't set guest privileges."); - goto bad; - } - } else if (guest) { + if (anonymous || guest) { char *sp; /* determine root and home directory */
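Review bot: The removed anonymous branch failed closed on its own (`chroot(pw->pw_dir) < 0 || chdir("/") < 0` led to `reply(550, ...)` and `goto bad`), and after the change that guarantee depends entirely on the body of the merged `if (anonymous || guest)` block, which is not part of the visible context. Please confirm that the shared path still rejects the login when chroot() or chdir() fails for an anonymous session, and that an anonymous pw->pw_dir with nothing after the /./ still ends up in "/" as the old `chdir("/")` did. The comment `/* determine root and home directory */` should also say that anonymous logins now go through the /./ split, since that is the reason for the change.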
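The path mismatch described in the message above, as an added example that is not part of the original post and is not wu-ftpd source. The function names, the sample paths and the plain equality comparison used to stand in for the upl_check() path comparison are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Assumed model of the check: an upload directive applies only when its
   root path equals the chroot directory saved at login. */
static int upload_root_matches(const char *saved_root, const char *directive_root)
{
    return strcmp(saved_root, directive_root) == 0;
}

/* Hypothetical helper: split "<root>/./<home>" at the first "/./".
   Returns 0 on success, -1 if a buffer is too small. */
static int split_root_home(const char *pw_dir, char *root, size_t rlen,
                           char *home, size_t hlen)
{
    const char *sp = strstr(pw_dir, "/./");
    size_t n = sp ? (size_t)(sp - pw_dir) : strlen(pw_dir);
    const char *h = sp ? sp + 2 : "/";

    /* without a marker, drop trailing slashes so "/home/ftp/" == "/home/ftp" */
    while (!sp && n > 1 && pw_dir[n - 1] == '/')
        n--;
    if (n == 0) {               /* marker at the very start: root is "/" */
        pw_dir = "/";
        n = 1;
    }
    if (n >= rlen || strlen(h) >= hlen)
        return -1;
    memcpy(root, pw_dir, n);
    root[n] = '\0';
    strcpy(home, h);
    return 0;
}

int main(void)
{
    const char *pw_dir = "/home/ftp/./";        /* constructed sample */
    const char *directive_root = "/home/ftp";   /* constructed sample */
    char root[256], home[256];

    printf("unclipped match: %d\n", upload_root_matches(pw_dir, directive_root));
    if (split_root_home(pw_dir, root, sizeof root, home, sizeof home) == 0)
        printf("clipped root=%s home=%s match: %d\n", root, home,
               upload_root_matches(root, directive_root));
    return 0;
}
```

With the marker left on, the saved root never equals the directive root, so the directive's ownership and mode settings are skipped; once the root is clipped, the same comparison succeeds.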