ftpd: make DIR parameter work for non-root too: chdir to it instead of chroot

Unfortunately, chroot() works only for root user, because of attacks on setuid binaries (make DIR/lib/ld-linux.so a shell, hardlink to a setuid binary, chroot to DIR, execute it and get root shell). function old new delta ftpd_main 2160 2180 +20 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko 2015-10-13 13:49:53 +0200
committer: Denys Vlasenko 2015-10-13 13:49:53 +0200
commit: f7ad927c2059ef9cd1cd6befeb43f26b92f6369f (patch)
tree: 14c58fbd8b7e656dfa644be841ab476c35f72733
parent: bf74fb44977d9b90c51dba19c1fd7f071147d955 (diff)
download: busybox-f7ad927c2059ef9cd1cd6befeb43f26b92f6369f.zip
busybox-f7ad927c2059ef9cd1cd6befeb43f26b92f6369f.tar.gz
1 files changed, 16 insertions, 1 deletions
diff --git a/networking/ftpd.c b/networking/ftpd.c
index 7735b72..8345ae6 100644
--- a/networking/ftpd.c
+++ b/networking/ftpd.c
@@ -1223,11 +1223,26 @@ int ftpd_main(int argc UNUSED_PARAM, char **argv)
 #endif
 	argv += optind;
 	if (argv[0]) {
+		const char *basedir = argv[0];
 #if !BB_MMU
 		G.root_fd = xopen("/", O_RDONLY | O_DIRECTORY);
 		close_on_exec_on(G.root_fd);
 #endif
-		xchroot(argv[0]);
+		if (chroot(basedir) == 0)
+			basedir = "/";
+#if !BB_MMU
+		else {
+			close(G.root_fd);
+			G.root_fd = -1;
+		}
+#endif
+		/*
+		 * If chroot failed, assume that we aren't root,
+		 * and at least chdir to the specified DIR
+		 * (older versions were dying with error message).
+		 * If chroot worked, move current dir to new "/":
+		 */
+		xchdir(basedir);
 	}
 
 #if ENABLE_FEATURE_FTP_AUTHENTICATION
author	Denys Vlasenko	2015-10-13 13:49:53 +0200
committer	Denys Vlasenko	2015-10-13 13:49:53 +0200
commit	f7ad927c2059ef9cd1cd6befeb43f26b92f6369f (patch)
tree	14c58fbd8b7e656dfa644be841ab476c35f72733
parent	bf74fb44977d9b90c51dba19c1fd7f071147d955 (diff)
download	busybox-f7ad927c2059ef9cd1cd6befeb43f26b92f6369f.zip busybox-f7ad927c2059ef9cd1cd6befeb43f26b92f6369f.tar.gz