989d921f5d
I'm very pleased to announce the release of our new website and documentation using the new toolchain with Hugo and AsciiDoctor. To get more information about the new toolchain please read the FreeBSD Documentation Project Primer[1], Hugo docs[2] and AsciiDoctor docs[3]. Acknowledgment: Benedict Reuschling <bcr@> Glen Barber <gjb@> Hiroki Sato <hrs@> Li-Wen Hsu <lwhsu@> Sean Chittenden <seanc@> The FreeBSD Foundation [1] https://docs.FreeBSD.org/en/books/fdp-primer/ [2] https://gohugo.io/documentation/ [3] https://docs.asciidoctor.org/home/ Approved by: doceng, core
27 lines
750 B
Diff
27 lines
750 B
Diff
--- libexec/ftpd/ftpd.c.orig
|
|
+++ libexec/ftpd/ftpd.c
|
|
@@ -1596,13 +1596,20 @@
|
|
* (uid 0 has no root power over NFS if not mapped explicitly.)
|
|
*/
|
|
if (seteuid(pw->pw_uid) < 0) {
|
|
- reply(550, "Can't set uid.");
|
|
- goto bad;
|
|
+ if (guest || dochroot) {
|
|
+ fatalerror("Can't set uid.");
|
|
+ } else {
|
|
+ reply(550, "Can't set uid.");
|
|
+ goto bad;
|
|
+ }
|
|
}
|
|
+ /*
|
|
+ * Do not allow the session to live if we're chroot()'ed and chdir()
|
|
+ * fails. Otherwise the chroot jail can be escaped.
|
|
+ */
|
|
if (chdir(homedir) < 0) {
|
|
if (guest || dochroot) {
|
|
- reply(550, "Can't change to base directory.");
|
|
- goto bad;
|
|
+ fatalerror("Can't change to base directory.");
|
|
} else {
|
|
if (chdir("/") < 0) {
|
|
reply(550, "Root is inaccessible.");
|