summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDenys Vlasenko2015-10-13 13:49:53 +0200
committerDenys Vlasenko2015-10-13 13:49:53 +0200
commitf7ad927c2059ef9cd1cd6befeb43f26b92f6369f (patch)
tree14c58fbd8b7e656dfa644be841ab476c35f72733
parentbf74fb44977d9b90c51dba19c1fd7f071147d955 (diff)
downloadbusybox-f7ad927c2059ef9cd1cd6befeb43f26b92f6369f.zip
busybox-f7ad927c2059ef9cd1cd6befeb43f26b92f6369f.tar.gz
ftpd: make DIR parameter work for non-root too: chdir to it instead of chroot
Unfortunately, chroot() works only for root user, because of attacks on setuid binaries (make DIR/lib/ld-linux.so a shell, hardlink to a setuid binary, chroot to DIR, execute it and get root shell). function old new delta ftpd_main 2160 2180 +20 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--networking/ftpd.c17
1 files changed, 16 insertions, 1 deletions
diff --git a/networking/ftpd.c b/networking/ftpd.c
index 7735b72..8345ae6 100644
--- a/networking/ftpd.c
+++ b/networking/ftpd.c
@@ -1223,11 +1223,26 @@ int ftpd_main(int argc UNUSED_PARAM, char **argv)
#endif
argv += optind;
if (argv[0]) {
+ const char *basedir = argv[0];
#if !BB_MMU
G.root_fd = xopen("/", O_RDONLY | O_DIRECTORY);
close_on_exec_on(G.root_fd);
#endif
- xchroot(argv[0]);
+ if (chroot(basedir) == 0)
+ basedir = "/";
+#if !BB_MMU
+ else {
+ close(G.root_fd);
+ G.root_fd = -1;
+ }
+#endif
+ /*
+ * If chroot failed, assume that we aren't root,
+ * and at least chdir to the specified DIR
+ * (older versions were dying with error message).
+ * If chroot worked, move current dir to new "/":
+ */
+ xchdir(basedir);
}
#if ENABLE_FEATURE_FTP_AUTHENTICATION