tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: chrooted ftpd?

>> Turns out getpwent() refuses to even _try_ to read spwd.db unless
>> geteuid() returns zero!!  And, as far as I can tell, ftpd has no way
>> to have it use anything but getpwent() to get passwords.
> I think this can be argued to be a bug, but I bet it is there to
> protect the user.

Are you talking about getpwent or ftpd?  If the latter, I disagree; I
can't see how an inability to configure any other way to get passwords
protects anyone against anything.  If the former, I might agree, given
a threat that this would defeat, but I haven't managed to come up with
any; it's not as if it'd be hard to read spwd.db directly if it somehow
accidentally became world-readable on an ordinary system.

> But if you make getpwent() to be able to read spwd.db for non-root
> users, it will probably work.

Turns out it's easier than that.

Reading the code for getpwent(), it became apparent that the only
difference between pwd.db and spwd.db is the contents - the structure
is identical.  So I just did "chmod 644 /ftp/etc/spwd.db" and then
"mv /ftp/etc/spwd.db /ftp/etc/pwd.db" and ftpd got hashes.

Hmm, I wonder if making ftpd provide its own geteuid() would work.
(Maybe, but that would make the ftpd binary unsuitable for
general-purpose  use; I'd rather avoid that too, if I can.)

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML      
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Home | Main Index | Thread Index | Old Index