
List:       proftpd-users
Subject:    [Proftpd-user] <Directory /*> parse problems following 1.2.8p upgrade
From:       Dallas N Antley <dna+proftp () clas ! ufl ! edu>
Date:       2003-09-26 20:25:16

My apologies if this has already been covered.  I examined the last
couple months of mailing-list archives, and I found some similar bug
reports, but no obvious solution.

Version: ProFTPd 1.2.8p
OS:	 Solaris 8/SPARC

After previously running 1.2.1 with no problems, I upgraded to 1.2.8p
to fix the announced security vulnerability.  Since this is a
restricted-access server, I use <Directory> directives to limit their
access to particular directories -- their home directory and our web
vhost directories.

| <Directory ~>
|         AllowAll
|         AllowOverwrite          on
|         Umask 077
|         <Limit ALL>
|                 AllowAll
|         </Limit>
| </Directory>
| <Directory /*>
|         HideNoAccess            on
|         AllowOverwrite          off
|         <Limit ALL>
|                 DenyAll
|                 IgnoreHidden    on
|         </Limit>
| </Directory>
| <Directory /home>
|         HideNoAccess            on
|         <Limit CWD CDUP DIRS>
|                 AllowAll
|                 IgnoreHidden    on
|         </Limit>
| </Directory>
| <Directory /web>
|         AllowAll
|         HideNoAccess            on
|         Umask 002
|         AllowOverwrite          on
|         <Limit ALL>
|                 AllowAll
|                 IgnoreHidden    on
|         </Limit>
| </Directory>

The above config would allow the users' FTP client to:

| CWD /
| NLST
| CWD /web
| NLST
| CWD /web/unit1
| NLST

The 'CWD /; NLST' is the important part.  FTP programs like Fetch
(MacOS) want to browse the filesystem, and this config meant they
wouldn't see the entire filesystem -- just "/home" and "/web".

| ftp> cd /
| 250 CWD command successful.
| ftp> ls
| 200 PORT command successful
| 150 Opening ASCII mode data connection for file list
| home
| web
| 226 Transfer complete.

Unfortunately, with the new 1.2.8p, they now get:

| ftp> cd /
| 550 /: No such file or directory

In other words, ProFTP now treats "<Directory />" as equivalent to
"<Directory /*>".  

I don't want to restrict '/', but I want to restrict all directories
under '/', which I can then un-restrict via additional <Directory>
commands.  Am I missing a new configuration option, or is this a bug?

Please let me know if I can provide any additional information.  

Thank you for your time.

			Dallas
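
Added example, not part of the original message and not ProFTPD's own matching code: a simplified Python model of how the posted `<Directory>` sections resolve for `CWD` under two readings of `/*`, one where `*` must match at least one character and one where it may match nothing. The resolution rule (most specific matching section wins, unmatched paths are unrestricted) and the names `SECTIONS`, `matches`, `cwd_decision` and `access_matrix` are assumptions made for illustration; the `~` section is left out because it depends on the logged-in user.

```python
from fnmatch import fnmatchcase

# <Directory> sections from the post, reduced to the CWD verdict only.
# Constructed model for illustration; real servers track many more settings.
SECTIONS = [
    ("/*", "deny"),      # <Limit ALL> DenyAll
    ("/home", "allow"),  # <Limit CWD CDUP DIRS> AllowAll
    ("/web", "allow"),   # <Limit ALL> AllowAll
]


def matches(pattern, path, star_matches_empty):
    """Literal sections cover the directory and its subtree; globs use fnmatch."""
    if "*" not in pattern:
        return path == pattern or path.startswith(pattern.rstrip("/") + "/")
    if not star_matches_empty and pattern.endswith("/*") and path == pattern[:-1]:
        return False  # "/*" names entries below "/", not "/" itself
    return fnmatchcase(path, pattern)


def cwd_decision(path, star_matches_empty):
    """Assumed rule: the matching section with the longest literal part wins."""
    hits = [(len(pattern.rstrip("*")), verdict)
            for pattern, verdict in SECTIONS
            if matches(pattern, path, star_matches_empty)]
    return max(hits)[1] if hits else "allow"  # no section: unrestricted


def access_matrix(star_matches_empty):
    """CWD verdict for the paths discussed in the post, plus one outside them."""
    paths = ["/", "/home", "/web", "/web/unit1", "/etc"]
    return {p: cwd_decision(p, star_matches_empty) for p in paths}


if __name__ == "__main__":
    for label, flag in (("'*' needs one or more chars", False),
                        ("'*' may match nothing", True)):
        print(label)
        for path, verdict in access_matrix(flag).items():
            print(f"  CWD {path:<11} {verdict}")
```

Only the verdict for `/` differs between the two readings, which corresponds to the change from `250 CWD command successful.` to `550 /: No such file or directory` shown in the message.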

