[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: chrooted ftpd?
> As Christos pointed out, the traditional ftp is intended to run as
> root so it can itself do chroot() calls. Otherwise, ftpchroot isn't
> going to accomplish much.
Yeah, I came to that conclusion myself. I added code so that it
doesn't bother doing the chroot call if the string that would be passed
to it is "/", so it doesn't get gratuitous errors, but that's a frill.
For my purposes I abandoned making the user a chroot user.
>> (Turns out an entry in ftpchroot doesn't allow access without an
>> entry in ftpusers too.)
> That sounds like a condition that should be logged, because it's a
> config error. But probably it never gets as far as even opening
I'm not sure - I no longer have the trace file - but I think ktrace
said it did.
>> Turns out getpwent() refuses to even _try_ to read spwd.db unless
>> geteuid() returns zero!!
> I expect the intent was to protect fools who write their own code
> using getpwent, run it unprivileged, and try to chmod 644 to make it
> work without thought for the consequences.
Hm, possibly. It's the first scenario I've seen mentioned where that
bit of code actually protects against something.
> Seems misguided though as that grade of fool will just do chmod +s
True, but then the attacker is restricted to finding holes in said
fool's code, rather than being able to just waltz off with a copy of
spwd.db. (Admittedly, finding holes in code written by that grade of
fool is probably about as difficult as copying a mode 644 file.)
> You might be able to use nsswitch.conf to have it get passwords from
> elsewhere, although I don't think there any of the currently
> supported alternate methods are simple.
Possibly. But, as I think I mentioned upthread, I realized on reading
the code that spwd.db and pwd.db have the same structure - the code to
read the db doesn't know or care which it's reading - so I just renamed
spwd.db to pwd.db and made it mode 644. It's an additional step every
time something needs to change the ftp root's master.passwd, but that's
acceptable in this case.
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse%rodents-montreal.org@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Main Index |
Thread Index |