
List:       busybox
Subject:    Re: Chroot in ftpd on newer kernel versions
From:       Rob Landley <rob () landley ! net>
Date:       2012-10-07 23:37:12
Message-ID: CAOS_Y6S9AaG90jn-k_uLt2NLEiqBbFo4w_7vvQUmvjBUZpZQRQ () mail ! gmail ! com

On Sun, Oct 7, 2012 at 2:14 AM, Harald Becker <ralda@gmx.de> wrote:
> Hi Rob !
>
>>Yeah, I fixed that for Aboriginal Linux back in August, here's my
>>patch:
>>
>>http://landley.net/hg/aboriginal/file/1535/sources/patches/busybox-ftpd.patch
>
> This hits my intention ... but why getpid? Doesn't this return always
> non-zero process id? Did you mean getuid, which makes more sense?

Yup. It was a quick 5 minute "get it working again" hack. There's a
reason I never sent it here. (Also partly because I thought the
behavior change of taking away the ability to select a default
directory for everybody but root was an intentional if unannounced
design change. And because I had a chronic shortage of time/energy
during my year working at Polycom, and still have a week in The
Cubicle I can start catching up on anything else.)

> In addition I suggest dropping the user privileges to a specific user
> (e.g. ftp) if run as root. Something like this (untested):
>
> if (!getuid())
> {
>   xchroot(".");
>   xget_uidgid(&ugid, "ftp");
>   xsetgid(ugid.gid);
>   xsetuid(ugid.uid);
> }

Good luck. I'm not running it as root...

Rob
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
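
The chroot-then-drop sequence discussed in the message above, as an added example that is not part of the original thread or of BusyBox: it uses plain libc calls instead of the BusyBox `x*` wrappers, and shows the steps the quoted snippet leaves implicit (`chdir("/")` after `chroot()`, clearing supplementary groups, and verifying the drop). The names `running_as_root` and `jail_and_drop` and the uid/gid 65534 are assumptions for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* declares chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

enum jail_result { JAIL_OK = 0, JAIL_NOT_ROOT, JAIL_CHROOT_FAILED,
                   JAIL_DROP_FAILED, JAIL_STILL_ROOT };

/* Root check on a uid. getpid() cannot serve here: a pid is never 0. */
static int running_as_root(uid_t uid) { return uid == 0; }

/* Hypothetical helper: confine the process to `dir`, then become uid/gid. */
static enum jail_result jail_and_drop(const char *dir, uid_t uid, gid_t gid)
{
    /* Assumption: test the effective uid, which is what grants privilege. */
    if (!running_as_root(geteuid()))
        return JAIL_NOT_ROOT;    /* cannot chroot, and nothing to drop */

    /* chroot() does not change the working directory, so chdir("/") must
     * follow or relative paths still resolve outside the new root. */
    if (chroot(dir) != 0 || chdir("/") != 0)
        return JAIL_CHROOT_FAILED;

    /* Order matters: supplementary groups and gid have to be changed while
     * still root; once setuid() has run, these calls would be refused. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return JAIL_DROP_FAILED;

    /* Verify the drop is permanent: regaining uid 0 must now fail. */
    if (uid != 0 && setuid(0) == 0)
        return JAIL_STILL_ROOT;
    return JAIL_OK;
}

int main(void)
{
    /* 65534 is "nobody" on many systems; a real server would look up the
     * "ftp" account by name, as the quoted snippet does. */
    enum jail_result r = jail_and_drop(".", 65534, 65534);
    return (r == JAIL_OK || r == JAIL_NOT_ROOT) ? 0 : 1;
}
```
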