Re: wu-ftpd-2.4.2.16-12 security problem

To: "Chad A. Adlawan" <caa@archangel.8eight8.net.ph>
Cc: Shao Zhang <shao@cia.com.au>, debian-user@lists.debian.org
Subject: Re: wu-ftpd-2.4.2.16-12 security problem
From: Shao Zhang <shao@cia.com.au>
Date: Tue, 18 May 1999 14:25:05 +0000
Message-id: <[🔎] 19990518142505.A15749@shao.shao.penguinpowered.com>

Hi,
	thx for you reply. but it does not work for me.

	here is what I have:
	in /etc/passwd:
		shao:x:1000:1000:Shao Zhang,,,:/home/shao/./:/bin/bash

	in /etc/group:
		floppy:x:25:shao
	
	in /etc/wu-ftpd-academ/ftpaccess:
		guestgroup floppy

	After the user logs in, the use cannot see their home dir at all.

	pwd returns the current dir is /.

	Thanks.
Shao.


In-Reply-To: <[🔎] 19990518114138.A23619@archangel.8eight8.net.ph>; from Chad A. Adlawan on Tue, May 18, 1999 at 11:41:38AM +0800

On Tue, May 18, 1999 at 11:41:38AM +0800, Chad A. Adlawan wrote:
>   thats not a security problem.  its how its supposed to behave.
>   if u dont want users chrooted to /home/username, that is, they can only go
> to as high as /home/username, read on re giving users "guestgroup" access in
> wu-ftpd docs, and then change their respective enreies in /etc/passwd so that
> when theyll log in to ftp, they'll be chrooted to /home/username ...
>   example, for /etc/passwd:
>   user:x:1023:1100:user,,,:/home/user/./:/usr/bin/ascriptiwrote
>                            ^^^^^^^^^^^^^
>                            this is his chrooted dir
>   also, try reading man chroot
> AFAIK,
> Chad
> 
> 
> On Tue, May 18, 1999 at 01:00:15PM +0000, Shao Zhang wrote:
> > Hi,
> > 	I just found that this version of the wu-ftpd allows any user do a cd /
> > 	And then all users can see the / directory on the system.
> > 
> > 	How do I stop this? I only want them to see /home/username.
> > 
> > 	Thanks.
> > 
> > 
> > Shao.
> > 
> > -- 
> > ____________________________________________________________________________
> > Shao Zhang - Running Debian 2.1  ___ _               _____
> > Department of Communications    / __| |_  __ _ ___  |_  / |_  __ _ _ _  __ _ 
> > University of New South Wales   \__ \ ' \/ _` / _ \  / /| ' \/ _` | ' \/ _` |
> > Sydney, Australia               |___/_||_\__,_\___/ /___|_||_\__,_|_||_\__, |
> > Email: shao@cia.com.au                                                  |___/ 
> > _____________________________________________________________________________
> > 
> > 
> > -- 
> > Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
> > 
> 

-- 
____________________________________________________________________________
Shao Zhang - Running Debian 2.1  ___ _               _____
Department of Communications    / __| |_  __ _ ___  |_  / |_  __ _ _ _  __ _ 
University of New South Wales   \__ \ ' \/ _` / _ \  / /| ' \/ _` | ' \/ _` |
Sydney, Australia               |___/_||_\__,_\___/ /___|_||_\__,_|_||_\__, |
Email: shao@cia.com.au                                                  |___/ 
_____________________________________________________________________________

Reply to:

Prev by Date: Re: laser postscript BW printer versus ink jet printer.
Next by Date: Re: Inetd: smtp/tcp server failing (looping), service terminated
Previous by thread: Re: wu-ftpd-2.4.2.16-12 security problem
Next by thread: WordPerfect can't open ~/.wprc/.wp8x.set
Index(es):
- Date
- Thread