[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: chrooted ftpd?
>> Turns out getpwent() refuses to even _try_ to read spwd.db unless
>> geteuid() returns zero!! And, as far as I can tell, ftpd has no way
>> to have it use anything but getpwent() to get passwords.
> I think this can be argued to be a bug, but I bet it is there to
> protect the user.
Are you talking about getpwent or ftpd? If the latter, I disagree; I
can't see how an inability to configure any other way to get passwords
protects anyone against anything. If the former, I might agree, given
a threat that this would defeat, but I haven't managed to come up with
any; it's not as if it'd be hard to read spwd.db directly if it somehow
accidentally became world-readable on an ordinary system.
> But if you make getpwent() to be able to read spwd.db for non-root
> users, it will probably work.
Turns out it's easier than that.
Reading the code for getpwent(), it became apparent that the only
difference between pwd.db and spwd.db is the contents - the structure
is identical. So I just did "chmod 644 /ftp/etc/spwd.db" and then
"mv /ftp/etc/spwd.db /ftp/etc/pwd.db" and ftpd got hashes.
Hmm, I wonder if making ftpd provide its own geteuid() would work.
(Maybe, but that would make the ftpd binary unsuitable for
general-purpose use; I'd rather avoid that too, if I can.)
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse%rodents-montreal.org@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Main Index |
Thread Index |