[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#119450: general: proftpd

Package: general
Version: 20011113
Severity: grave

proftpd fails to chroot into anonymous server root, as defined by the
<Anonymous /chroot/path> tag, specifically as defined in this config

 <Anonymous /home/ftp>
    User                        ftp
    Group                       ftp
    UserAlias                   anonymous ftp
    Umask                       022
    AllowOverwrite              on
    AnonRequirePassword         on
    RequireValidShell           off
    MaxClients                  10
    DisplayLogin                welcome.msg
    DisplayFirstChdir           .message

... enables anonymous users to view and get files from /, including
such notables as /etc/passwd

ii  proftpd                  1.2.4-1
ii  proftpd-common           1.2.4-1
ii  shellutils               2.0.11-11
ii  libpam-modules           0.72-33
ii  libpam0g                 0.72-33
ii  libpam-runtime           0.72-33

-- System Information
Debian Release: testing/unstable
Kernel Version: Linux maul 2.4.9 #2 SMP Sun Sep 9 01:08:16 EDT 2001 i686 unknown

Reply to: