Source-Changes-HG archive


[src/trunk]: src/libexec/ftpd Treat failed chdir/chroot for guest and chroot ...



details:   https://anonhg.NetBSD.org/src/rev/b62b27ff3fa3
branches:  trunk
changeset: 380047:b62b27ff3fa3
user:      christos <christos%NetBSD.org@localhost>
date:      Sat Jul 03 14:59:49 2021 +0000

description:
Treat failed chdir/chroot for guest and chroot accounts as fatal.
Also treat failed set{e,}{u,g}id calls as fatal.
Addresses CVE-2020-7468, via FreeBSD.

diffstat:

 libexec/ftpd/ftpd.c |  21 ++++++++++++---------
 1 files changed, 12 insertions(+), 9 deletions(-)

diffs (70 lines):

diff -r 0f75d98ab9ea -r b62b27ff3fa3 libexec/ftpd/ftpd.c
--- a/libexec/ftpd/ftpd.c       Sat Jul 03 14:08:55 2021 +0000
+++ b/libexec/ftpd/ftpd.c       Sat Jul 03 14:59:49 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ftpd.c,v 1.205 2019/10/15 18:29:32 christos Exp $      */
+/*     $NetBSD: ftpd.c,v 1.206 2021/07/03 14:59:49 christos Exp $      */
 
 /*
  * Copyright (c) 1997-2009 The NetBSD Foundation, Inc.
@@ -97,7 +97,7 @@
 #if 0
 static char sccsid[] = "@(#)ftpd.c     8.5 (Berkeley) 4/28/95";
 #else
-__RCSID("$NetBSD: ftpd.c,v 1.205 2019/10/15 18:29:32 christos Exp $");
+__RCSID("$NetBSD: ftpd.c,v 1.206 2021/07/03 14:59:49 christos Exp $");
 #endif
 #endif /* not lint */
 
@@ -1547,8 +1547,7 @@ do_pass(int pass_checked, int pass_rval,
                            "GUEST user %s: can't chdir to %s: %m",
                            pw->pw_name, homedir);
  bad_guest:
-                       reply(550, "Can't set guest privileges.");
-                       goto bad;
+                       fatal("Can't set guest privileges.");
                }
                break;
        case CLASS_CHROOT:
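Review bot: The new `fatal("Can't set guest privileges.");` at bad_guest carries no comment saying why the session has to end here rather than fall back to `bad`, and the same is true of `fatal("Can't change root.");` at bad_chroot in the next hunk. A later cleanup could easily turn these back into a reply plus `goto bad`, which is the behaviour the commit message ties to CVE-2020-7468. I would add a comment above each call such as `/* Fatal on purpose: do not let this process continue after a failed chroot/chdir (CVE-2020-7468). */`. The labels are also reachable from `goto` statements outside this hunk, so it is worth checking that each of those sites writes its own syslog line before jumping, as the chdir failure visible here does.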
@@ -1571,8 +1570,7 @@ do_pass(int pass_checked, int pass_rval,
                            "CHROOT user %s: can't chdir to %s: %m",
                            pw->pw_name, homedir);
  bad_chroot:
-                       reply(550, "Can't change root.");
-                       goto bad;
+                       fatal("Can't change root.");
                }
                break;
        case CLASS_REAL:
@@ -1618,16 +1616,16 @@ do_pass(int pass_checked, int pass_rval,
                dropprivs++;
                if (setgid((gid_t)pw->pw_gid) < 0) {
                        reply(550, "Can't set gid.");
-                       goto bad;
+                       goto bad_perms;
                }
                if (setuid((uid_t)pw->pw_uid) < 0) {
                        reply(550, "Can't set uid.");
-                       goto bad;
+                       goto bad_perms;
                }
        } else {
                if (seteuid((uid_t)pw->pw_uid) < 0) {
                        reply(550, "Can't set uid.");
-                       goto bad;
+                       goto bad_perms;
                }
        }
        setenv("HOME", homedir, 1);
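Review bot: The three failure branches here still send `reply(550, ...)` before `goto bad_perms`, whereas the guest and chroot paths earlier in this commit replaced their reply with `fatal()` outright. If `fatal()` sends its own reply to the client (its body is not in this diff), a failed setgid/setuid/seteuid now produces two final replies to a single PASS command. Dropping the `reply(550, "Can't set gid.");` and `reply(550, "Can't set uid.");` lines and letting bad_perms report the failure would make all the fatal paths consistent. do_pass starts and ends outside the hunk.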
@@ -1686,6 +1684,11 @@ do_pass(int pass_checked, int pass_rval,
 #endif
                        /* Forget all about it... */
        end_login();
+       return;
+
+bad_perms:
+       syslog(LOG_NOTICE, "user %s: can't setuid/gid: %m", pw->pw_name);
+       fatal("Can't drop privileges.");
 }
 
 void
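Review bot: The `%m` in the bad_perms `syslog()` may not reflect the call that failed, because every branch that jumps here first calls `reply()`, which presumably performs output and can overwrite errno before the message is formatted. Logging at the failure site before replying, for example `syslog(LOG_NOTICE, "user %s: can't setgid: %m", pw->pw_name);`, would preserve errno and also record which of setgid, setuid or seteuid failed, which the shared "can't setuid/gid" text cannot. The added `return;` is the only thing keeping the success path out of the label, so a one-line comment such as `/* success path ends here; bad_perms below never returns */` would guard against it being removed. do_pass starts outside the hunk.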


