'[ProFTPD-committers] [Bug 2321] FTP permission checks inconsistent for DELE and RMD when symlink in'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       proftpd-committers
Subject:    [ProFTPD-committers] [Bug 2321] FTP permission checks inconsistent for DELE and RMD when symlink in
From:       bugzilla-daemon () horde ! net
Date:       2004-02-29 2:20:05
Message-ID: 20040229022005.195FB14029 () boost ! horde ! net
[Download RAW message or body]

http://bugs.proftpd.org/show_bug.cgi?id=2321





------- Additional Comments From glenn@more.net  2004-02-28 21:20 -------
I agree that DELE actions on a symlink are problematic.  As far as I can
tell ProFTPD does not allow the creation of a symlink.  So I would suggest
the default behaviour be to deny permission to DELE a symlink.

That is not the problem I reported.  The problem I reported was an inconsistency
in how ProFTPD checks the path on the server to locate <Directory ../> or
.ftpaccess <Limit ../> restrictions which apply to an FTP command if one of 
the directory path components is a symlink.  Most of the time it uses the
realpath other times is is using the path which has a symlink in its path.

I am not sure what the best way would be to address this.  ProFTPD should
at least be consistent.

The second problem I reported is that the DELE and RMD FTP commands deny
the DELE or RMD if a componenent in the path to the file or directory is
a symlink.  I was able to fix this by changing to using dir_check_canon 
instead of dir_check in each of their corresponding functions in mod_core.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.


-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
ProFTPD Committers Mailing List
proftpd-committers@proftpd.org
https://lists.sourceforge.net/lists/listinfo/proftp-committers
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic