29th May 2000 [SBWID-86]
COMMAND
	    /etc/ftpchroot
SYSTEMS AFFECTED
	    NetBSD-1.4.2 only
PROBLEM
	    The following is based on a NetBSD Security Advisory. The chroot(2)
	    system call, short for "change root", restricts a process to
	    accessing only a subtree of the filesystem.
	    /etc/ftpchroot specifies users who are allowed to log in using ftp
	    with a password, but are chroot'ed to their home directory,
	    preventing them from accessing files outside their home directory
	    via FTP. The incorrect fix in 1.4.2 caused the chroot call to not
	    occur, allowing them regular, unprivileged access to files
	    outside their home directory via FTP.
	    This problem was originally found by Paul J. Lavoie.
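	    The failure mode described above, as an added model that is not
	    NetBSD's ftpd code: listed(), skip_bare and SAMPLE_FTPCHROOT are
	    hypothetical names, the file content is constructed, and treating a
	    matching line with no second word as "listed" is an assumption.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample /etc/ftpchroot content: one user name or glob per line. */
static const char SAMPLE_FTPCHROOT[] =
    "# users confined to their home directory\n"
    "alice\n"
    "guest*\n"
    "bob allow\n";

/*
 * Returns 1 if `name` is listed (the caller must chroot), 0 if not, -1 on error.
 * skip_bare = 1 models an early "perm == NULL -> continue" test.
 * Assumption: a matching line without a permission word counts as listed.
 */
int listed(const char *list, const char *name, int skip_bare)
{
    char copy[512], *line, *next, *glob, *perm;

    if (strlen(list) >= sizeof(copy))
        return -1;
    strcpy(copy, list);
    for (line = copy; line != NULL; line = next) {
        next = strchr(line, '\n');
        if (next != NULL)
            *next++ = '\0';              /* terminate this line for strtok */
        glob = strtok(line, " \t");
        if (glob == NULL || glob[0] == '#')
            continue;                    /* blank line or comment */
        perm = strtok(NULL, " \t");
        if (skip_bare && perm == NULL)
            continue;                    /* bare entries are never compared */
        if (fnmatch(glob, name, 0) == 0)
            return !(perm != NULL && strcasecmp(perm, "allow") == 0);
    }
    return 0;
}

int main(void)
{
    const char *users[] = { "alice", "guest7", "bob", "carol" };
    for (size_t i = 0; i < 4; i++)
        printf("%-7s early continue: %d  without: %d\n", users[i],
               listed(SAMPLE_FTPCHROOT, users[i], 1),
               listed(SAMPLE_FTPCHROOT, users[i], 0));
    return 0;
}
```

	    With the early test in place, every bare entry is invisible to the
	    lookup, so a user named only by login or glob is never reported as
	    listed and the caller has no reason to call chroot(2).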
SOLUTION
	    The  fix  is  to  back  out  the  incorrect half of the fix.  This
	    problem affects only  NetBSD-1.4.2 and versions  of NetBSD-current
	    between 19990930 and 19991212; it does not affect NetBSD-1.4.1  or
	    earlier, or  versions of  NetBSD-current after  19991212 or before
	    19990930.  If you  do not need to  use /etc/ftpchroot, you do  not
	    need to take any action.
	    If you're running NetBSD-current fetched between the above  dates,
	    update to a newer version of NetBSD-current.
	    If you're running NetBSD-1.4.2, fetch the following patch, apply
	    it to src/libexec/ftpd/ftpd.c using the patch(1) command, rebuild
	    and reinstall ftpd, and kill off any existing FTP daemons (to
	    ensure that any improperly granted access is revoked):
	
	        ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/20000527-ftpd
	
	    Since the patch is small, it is reproduced inline here:
	
	    *** ftpd.c	1999/10/01 12:08:06	1.61.2.1
	    --- ftpd.c	2000/05/11 10:14:37	1.61.2.2
	    ***************
	    *** 489,496 ****
	  		    if (glob == NULL || glob[0] == '#')
	  			    continue;
	  		    perm = strtok(NULL, " \t\n");
	    - 		if (perm == NULL)
	    - 			continue;
	  		    if (fnmatch(glob, name, 0) == 0)  {
	  			    if (perm != NULL &&
	  			        ((strcasecmp(perm, "allow") == 0) ||
	    --- 489,494 ----
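
	    Review bot: with the early perm == NULL test removed after the
	    second strtok() call, the "perm != NULL &&" guard in front of
	    strcasecmp() becomes the only protection against a NULL
	    dereference for a line that has no second field, and nothing in
	    the code says that such a line is a valid entry that must still
	    reach fnmatch(). Add a short comment at the strtok() call stating
	    that the permission word is optional, otherwise the two deleted
	    lines look like a harmless NULL check and are easy to add back.
	    The new side of the hunk (489,494) is cut off here, so the outcome
	    of a match with perm == NULL cannot be checked from these lines.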
	
	
