[prev in list] [next in list] [prev in thread] [next in thread] 

List:       redhat-devel
Subject:    Re: chrooted accounts
From:       Nigel Metheringham <Nigel.Metheringham () ThePLAnet ! net>
Date:       1997-09-11 10:07:41
[Download RAW message or body]

alan@lxorguk.ukuu.org.uk said:
} As far as I was aware its mostly a wu.ftpd thing - and wu.ftpd does
} seem to honour it. All we need now is RedHat to release the fixed
} wu.ftpd without the ../*/../*/../*/../*/../*/../* bug

Actually I found that troll-ftpd (which I generally prefer over wu-ftpd) 
has the same problem.

} [Needs to abort at say 500 files in the list] 

Well that can cause some problems - how about mirroring - first thing that 
the mirror script does is
	NLST -lRat

and that gives you a whole heap of data back, but legitimately.

I wondered about a couple of fixes.  The easier one, is to rewrite the 
parameters so that /../<something>/ is converted to / - this may break a 
couple of things, but probably not if you only rewrite after the first 
component that is not . or .. (so that ../../dir is allowed).

The fun one is to keep track of <dev><inode> for each directory you list, 
and not list or recurse into any directory where you have seen the <dev>
<inode> of the directory before.  This has the disadvantage that it hits 
legitimate use with a performance hit (you could just enable this code if 
you see a * in the original pattern).

	Nigel.

-- 
[ Nigel.Metheringham@theplanet.net   -  Systems Software Engineer ]
[ Tel : +44 113 251 6012                   Fax : +44 113 224 0003 ]
[            Friends don't let friends use sendmail!              ]


--
To unsubscribe:
mail -s unsubscribe redhat-devel-list-request@redhat.com < /dev/null

[prev in list] [next in list] [prev in thread] [next in thread]