Bug#119450: general: proftpd

To: submit@bugs.debian.org
Subject: Bug#119450: general: proftpd
From: Brian O'Reilly <fade@vader.deepsky.com>
Date: 13 Nov 2001 16:34:47 -0000
Message-id: <[🔎] 20011113163447.7613.qmail@deepsky.com>
Reply-to: Brian O'Reilly <fade@vader.deepsky.com>, 119450@bugs.debian.org

Package: general
Version: 20011113
Severity: grave

proftpd fails to chroot into anonymous server root, as defined by the
<Anonymous /chroot/path> tag, specifically as defined in this config
block:

 <Anonymous /home/ftp>
    User                        ftp
    Group                       ftp
    UserAlias                   anonymous ftp
    Umask                       022
    AllowOverwrite              on
    AnonRequirePassword         on
    RequireValidShell           off
    MaxClients                  10
    DisplayLogin                welcome.msg
    DisplayFirstChdir           .message


... enables anonymous users to view and get files from /, including
such notables as /etc/passwd

ii  proftpd                  1.2.4-1
ii  proftpd-common           1.2.4-1
ii  shellutils               2.0.11-11
ii  libpam-modules           0.72-33
ii  libpam0g                 0.72-33
ii  libpam-runtime           0.72-33


-- System Information
Debian Release: testing/unstable
Kernel Version: Linux maul 2.4.9 #2 SMP Sun Sep 9 01:08:16 EDT 2001 i686 unknown

Reply to:

Prev by Date: Bug#119454: general: proftpd
Next by Date: Re: [OT] sf.net and "free" software (was: Re: sourceforge sucks)
Previous by thread: Bug#119454: general: proftpd
Next by thread: reassigning
Index(es):
- Date
- Thread