Your message dated Fri, 15 Sep 2006 04:32:06 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#384454: fixed in linux-ftpd 0.17-22
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: ftpd
Version: 0.17-20
Severity: normal


I have my home directory within an NFS-mounted directory, and logging
in I get (just "/" instead of my home dir):

[EMAIL PROTECTED]:~$ /usr/bin/ftp asti
Connected to asti.maths.usyd.edu.au.
220 asti.maths.usyd.edu.au FTP server (Version 6.4/OpenBSD/Linux-ftpd-0.17) ready.
Name (asti:psz): psz
331 Password required for psz.
Password:
230- No directory! Logging in with home=/
230- Linux asti.maths.usyd.edu.au 2.6.8-spm1.5 #1 SMP Mon Jul 17 07:05:34 EST 2006 i686 GNU/Linux
230- 
230- The programs included with the Debian GNU/Linux system are free software;
230- the exact distribution terms for each program are described in the
230- individual files in /usr/share/doc/*/copyright.
230- 
230- Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
230- permitted by applicable law.
230 User psz logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/" is current directory.
ftp> cd /users/amstaff/psz 
250 CWD command successful.
ftp> pwd
257 "/pisa/users/amstaff/psz" is current directory.
ftp> quit
221 Goodbye.
[EMAIL PROTECTED]:~$ 

I do not get this nonsense when logging in to the machine containing
my home dir. Settings that may be relevant to ftpd are:

[EMAIL PROTECTED]:~$ grep psz /etc/passwd
psz:x:1001:1001:Paul Szabo:/users/amstaff/psz:/bin/bash
[EMAIL PROTECTED]:~$ ls -l /etc/ftp*
-rw-r--r--  1 root root 76 Apr 18  2002 /etc/ftpchroot
-rw-r--r--  1 root root 91 Apr 18  2002 /etc/ftpusers
[EMAIL PROTECTED]:~$ grep . /etc/ftp*
/etc/ftpchroot:# /etc/ftpchroot: list of users who needs to be chrooted. See ftpchroot(5).
/etc/ftpusers:# /etc/ftpusers: list of users disallowed ftp access. See ftpusers(5).
/etc/ftpusers:root
/etc/ftpusers:ftp
/etc/ftpusers:anonymous
[EMAIL PROTECTED]:~$ grep bash /etc/shells
/bin/bash
/bin/rbash
[EMAIL PROTECTED]:~$ 

and to my home dir (my own trace_path utility):

[EMAIL PROTECTED]:~$ trace_path ~
Tracing path /users/amstaff/psz
Dir  /  (users/amstaff/psz to go)
Dir  /users  (amstaff/psz to go)
Link /users/amstaff -> /pisa/users/amstaff  (psz to go)
Dir  /  (pisa/users/amstaff/psz to go)
Dir  /pisa  (users/amstaff/psz to go)
Dir  /pisa/users  (amstaff/psz to go)
Dir  /pisa/users/amstaff  (psz to go)
Dir  /pisa/users/amstaff/psz
Traversed 7 directories, 1 links
[EMAIL PROTECTED]:~$ mount | grep users
/dev/sda6 on /usr/users type ext3 (rw,usrquota)
pisa:/usr/users on /pisa/users type nfs (rw,bg,rsize=8192,wsize=8192,addr=129.78.69.136)
[EMAIL PROTECTED]:~$ 


Thanks,

Paul Szabo   [EMAIL PROTECTED]   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-spm1.5
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages ftpd depends on:
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  libpam-modules              0.76-22      Pluggable Authentication Modules f
ii  libpam0g                    0.76-22      Pluggable Authentication Modules l
ii  netbase                     4.21         Basic TCP/IP networking system

-- debconf information:
* ftpd/globattack:


--- End Message ---
--- Begin Message ---
Source: linux-ftpd
Source-Version: 0.17-22

We believe that the bug you reported is fixed in the latest version of
linux-ftpd, which is due to be installed in the Debian FTP archive:

ftpd_0.17-22_i386.deb
  to pool/main/l/linux-ftpd/ftpd_0.17-22_i386.deb
linux-ftpd_0.17-22.diff.gz
  to pool/main/l/linux-ftpd/linux-ftpd_0.17-22.diff.gz
linux-ftpd_0.17-22.dsc
  to pool/main/l/linux-ftpd/linux-ftpd_0.17-22.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alberto Gonzalez Iniesta <[EMAIL PROTECTED]> (supplier of updated linux-ftpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 15 Sep 2006 13:14:25 +0200
Source: linux-ftpd
Binary: ftpd
Architecture: source i386
Version: 0.17-22
Distribution: unstable
Urgency: high
Maintainer: Alberto Gonzalez Iniesta <[EMAIL PROTECTED]>
Changed-By: Alberto Gonzalez Iniesta <[EMAIL PROTECTED]>
Description: 
 ftpd       - FTP server
Closes: 384454
Changes: 
 linux-ftpd (0.17-22) unstable; urgency=high
 .
   * Fixing two security bugs:
     - Fixed ftpd from doing chdir while running as root.
       (Closes: #384454) Thanks a lot to Paul Szabo for finding out
       and the patch.
     - Check the return value from setuid calls to avoid running
       code as root. Thanks Paul Szabo for the patch.
Files: 
 d5e14064236d58ca0ed09912c9b7d628 598 net extra linux-ftpd_0.17-22.dsc
 00e259a59deb1f818abeb09e4aaef1c5 16423 net extra linux-ftpd_0.17-22.diff.gz
 fd3d3c41e7fedce9899dfe73f4a5f032 44072 net extra ftpd_0.17-22_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFCozKxRSvjkukAcMRAs3IAJ9s7iBTfDpkYnysWNRuChh9nWG4ggCgq29O
pCdAFBKD52fZpgIQt/93uDw=
=gXJz
-----END PGP SIGNATURE-----


--- End Message ---
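
The two fixes named in the changelog above (no chdir while still root, and checking the return value of setuid calls) follow a common login-path pattern. The sketch below is an added example, not the linux-ftpd patch or code from the package; the function name and result codes are hypothetical, and it assumes a permanent setuid() drop with supplementary groups already set by the caller.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Result codes are this example's own, not taken from linux-ftpd. */
enum { LOGIN_OK = 0, ERR_DROP = -1, ERR_VERIFY = -2, ERR_CHDIR = -3 };

/*
 * Switch to the authenticated user first, then enter the home directory.
 * Assumption: the caller already set supplementary groups (initgroups())
 * while it was still root.
 */
int enter_home_as_user(uid_t uid, gid_t gid, const char *home)
{
    /* Group before user: after setuid() we may no longer be allowed to. */
    if (setgid(gid) != 0)
        return ERR_DROP;
    /* setuid() can fail; ignoring that leaves the session running as root. */
    if (setuid(uid) != 0)
        return ERR_DROP;
    /* Do not rely on the return value alone: confirm the IDs changed. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return ERR_VERIFY;
    /* A permanent drop must not be reversible. */
    if (uid != 0 && setuid(0) == 0)
        return ERR_VERIFY;
    /* Only now touch the filesystem, so access is checked as the user. */
    if (chdir(home) != 0)
        return ERR_CHDIR;
    return LOGIN_OK;
}

int main(void)
{
    /* Constructed demo: "drop" to our own IDs so it runs without root. */
    int rc = enter_home_as_user(getuid(), getgid(), "/");
    printf("enter_home_as_user -> %d\n", rc);
    return rc == LOGIN_OK ? 0 : 1;
}
```

A caller should treat any non-zero result as a failed login and close the session instead of continuing with whatever identity and directory it has.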
