ftpd: make DIR parameter work for non-root too: chdir to it instead of chroot

Unfortunately, chroot() works only for root user, because of attacks on setuid binaries (make DIR/lib/ld-linux.so a shell, hardlink to a setuid binary, chroot to DIR, execute it and get root shell). function old new delta ftpd_main 2160 2180 +20 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2015-10-13 13:49:53 +0200
committer: Denys Vlasenko <vda.linux@googlemail.com> 2015-10-13 13:49:53 +0200
commit: f7ad927c2059ef9cd1cd6befeb43f26b92f6369f (patch)
tree: 14c58fbd8b7e656dfa644be841ab476c35f72733
parent: bf74fb44977d9b90c51dba19c1fd7f071147d955 (diff)
download: busybox-w32-f7ad927c2059ef9cd1cd6befeb43f26b92f6369f.tar.gz
busybox-w32-f7ad927c2059ef9cd1cd6befeb43f26b92f6369f.tar.bz2
busybox-w32-f7ad927c2059ef9cd1cd6befeb43f26b92f6369f.zip
1 files changed, 16 insertions, 1 deletions
diff --git a/networking/ftpd.c b/networking/ftpd.c
index 7735b7233..8345ae67c 100644
--- a/networking/ftpd.c
+++ b/networking/ftpd.c
@@ -1223,11 +1223,26 @@ int ftpd_main(int argc UNUSED_PARAM, char **argv)
 #endif
        argv += optind;
        if (argv[0]) {
+                const char *basedir = argv[0];
 #if !BB_MMU
                G.root_fd = xopen("/", O_RDONLY | O_DIRECTORY);
                close_on_exec_on(G.root_fd);
 #endif
-                xchroot(argv[0]);
+                if (chroot(basedir) == 0)
+                        basedir = "/";
+#if !BB_MMU
+                else {
+                        close(G.root_fd);
+                        G.root_fd = -1;
+                }
+#endif
+                /*
+                 * If chroot failed, assume that we aren't root,
+                 * and at least chdir to the specified DIR
+                 * (older versions were dying with error message).
+                 * If chroot worked, move current dir to new "/":
+                 */
+                xchdir(basedir);
        }
 #if ENABLE_FEATURE_FTP_AUTHENTICATION
author	Denys Vlasenko <vda.linux@googlemail.com>	2015-10-13 13:49:53 +0200
committer	Denys Vlasenko <vda.linux@googlemail.com>	2015-10-13 13:49:53 +0200
commit	f7ad927c2059ef9cd1cd6befeb43f26b92f6369f (patch)
tree	14c58fbd8b7e656dfa644be841ab476c35f72733
parent	bf74fb44977d9b90c51dba19c1fd7f071147d955 (diff)
download	busybox-w32-f7ad927c2059ef9cd1cd6befeb43f26b92f6369f.tar.gz busybox-w32-f7ad927c2059ef9cd1cd6befeb43f26b92f6369f.tar.bz2 busybox-w32-f7ad927c2059ef9cd1cd6befeb43f26b92f6369f.zip

diff --git a/networking/ftpd.c b/networking/ftpd.c index 7735b7233..8345ae67c 100644 --- a/networking/ftpd.c +++ b/networking/ftpd.c
@@ -1223,11 +1223,26 @@ int ftpd_main(int argc UNUSED_PARAM, char **argv)
1223	#endif	1223	#endif
1224	argv += optind;	1224	argv += optind;
1225	if (argv[0]) {	1225	if (argv[0]) {
		1226	const char *basedir = argv[0];
1226	#if !BB_MMU	1227	#if !BB_MMU
1227	G.root_fd = xopen("/", O_RDONLY \| O_DIRECTORY);	1228	G.root_fd = xopen("/", O_RDONLY \| O_DIRECTORY);
1228	close_on_exec_on(G.root_fd);	1229	close_on_exec_on(G.root_fd);
1229	#endif	1230	#endif
1230	xchroot(argv[0]);	1231	if (chroot(basedir) == 0)
		1232	basedir = "/";
		1233	#if !BB_MMU
		1234	else {
		1235	close(G.root_fd);
		1236	G.root_fd = -1;
		1237	}
		1238	#endif
		1239	/*
		1240	* If chroot failed, assume that we aren't root,
		1241	* and at least chdir to the specified DIR
		1242	* (older versions were dying with error message).
		1243	* If chroot worked, move current dir to new "/":
		1244	*/
		1245	xchdir(basedir);
1231	}	1246	}
1232		1247
1233	#if ENABLE_FEATURE_FTP_AUTHENTICATION	1248	#if ENABLE_FEATURE_FTP_AUTHENTICATION