Your message dated Sat, 17 Feb 2007 12:10:15 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#384454: fixed in linux-ftpd 0.17-20sarge2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: ftpd
Version: 0.17-20
Severity: normal
I have my home directory within an NFS-mounted directory, and logging
in I get (just "/" instead of my home dir):
[EMAIL PROTECTED]:~$ /usr/bin/ftp asti
Connected to asti.maths.usyd.edu.au.
220 asti.maths.usyd.edu.au FTP server (Version 6.4/OpenBSD/Linux-ftpd-0.17)
ready.
Name (asti:psz): psz
331 Password required for psz.
Password:
230- No directory! Logging in with home=/
230- Linux asti.maths.usyd.edu.au 2.6.8-spm1.5 #1 SMP Mon Jul 17 07:05:34 EST
2006 i686 GNU/Linux
230-
230- The programs included with the Debian GNU/Linux system are free software;
230- the exact distribution terms for each program are described in the
230- individual files in /usr/share/doc/*/copyright.
230-
230- Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
230- permitted by applicable law.
230 User psz logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/" is current directory.
ftp> cd /users/amstaff/psz
250 CWD command successful.
ftp> pwd
257 "/pisa/users/amstaff/psz" is current directory.
ftp> quit
221 Goodbye.
[EMAIL PROTECTED]:~$
I do not get this nonsense when logging in to the machine containing
my home dir. Settings that may be relevant to ftpd are:
[EMAIL PROTECTED]:~$ grep psz /etc/passwd
psz:x:1001:1001:Paul Szabo:/users/amstaff/psz:/bin/bash
[EMAIL PROTECTED]:~$ ls -l /etc/ftp*
-rw-r--r-- 1 root root 76 Apr 18 2002 /etc/ftpchroot
-rw-r--r-- 1 root root 91 Apr 18 2002 /etc/ftpusers
[EMAIL PROTECTED]:~$ grep . /etc/ftp*
/etc/ftpchroot:# /etc/ftpchroot: list of users who needs to be chrooted. See
ftpchroot(5).
/etc/ftpusers:# /etc/ftpusers: list of users disallowed ftp access. See
ftpusers(5).
/etc/ftpusers:root
/etc/ftpusers:ftp
/etc/ftpusers:anonymous
[EMAIL PROTECTED]:~$ grep bash /etc/shells
/bin/bash
/bin/rbash
[EMAIL PROTECTED]:~$
and to my home dir (my own trace_path utility):
[EMAIL PROTECTED]:~$ trace_path ~
Tracing path /users/amstaff/psz
Dir / (users/amstaff/psz to go)
Dir /users (amstaff/psz to go)
Link /users/amstaff -> /pisa/users/amstaff (psz to go)
Dir / (pisa/users/amstaff/psz to go)
Dir /pisa (users/amstaff/psz to go)
Dir /pisa/users (amstaff/psz to go)
Dir /pisa/users/amstaff (psz to go)
Dir /pisa/users/amstaff/psz
Traversed 7 directories, 1 links
[EMAIL PROTECTED]:~$ mount | grep users
/dev/sda6 on /usr/users type ext3 (rw,usrquota)
pisa:/usr/users on /pisa/users type nfs
(rw,bg,rsize=8192,wsize=8192,addr=129.78.69.136)
[EMAIL PROTECTED]:~$
Thanks,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-spm1.5
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages ftpd depends on:
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libpam-modules 0.76-22 Pluggable Authentication Modules f
ii libpam0g 0.76-22 Pluggable Authentication Modules l
ii netbase 4.21 Basic TCP/IP networking system
-- debconf information:
* ftpd/globattack:
--- End Message ---
--- Begin Message ---
Source: linux-ftpd
Source-Version: 0.17-20sarge2
We believe that the bug you reported is fixed in the latest version of
linux-ftpd, which is due to be installed in the Debian FTP archive:
ftpd_0.17-20sarge2_i386.deb
to pool/main/l/linux-ftpd/ftpd_0.17-20sarge2_i386.deb
linux-ftpd_0.17-20sarge2.diff.gz
to pool/main/l/linux-ftpd/linux-ftpd_0.17-20sarge2.diff.gz
linux-ftpd_0.17-20sarge2.dsc
to pool/main/l/linux-ftpd/linux-ftpd_0.17-20sarge2.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alberto Gonzalez Iniesta <[EMAIL PROTECTED]> (supplier of updated linux-ftpd
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 25 Sep 2006 12:04:40 +0200
Source: linux-ftpd
Binary: ftpd
Architecture: source i386
Version: 0.17-20sarge2
Distribution: stable-security
Urgency: high
Maintainer: Alberto Gonzalez Iniesta <[EMAIL PROTECTED]>
Changed-By: Alberto Gonzalez Iniesta <[EMAIL PROTECTED]>
Description:
ftpd - FTP server
Closes: 384454
Changes:
linux-ftpd (0.17-20sarge2) stable-security; urgency=high
.
* Sarge security release.
* Fixed ftpd from doing chdir while runing as root.
(Closes: #384454) Thanks a lot to Paul Szabo for finding out
and the patch. (CVE-2006-5778)
Files:
371222af9e3f445d8b1a0622f3a70382 610 net extra linux-ftpd_0.17-20sarge2.dsc
f5f491564812db5d8783daa538c49186 46763 net extra linux-ftpd_0.17.orig.tar.gz
3848d3d15b78aa4dd17b0e09c64b15a8 16034 net extra
linux-ftpd_0.17-20sarge2.diff.gz
10ce0c8367e83b1ce1419b244753dcc0 43310 net extra ftpd_0.17-20sarge2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFFVO4wXm3vHE4uyloRAplsAKDPdPZw/VrKq5KXLEt2Pg9xMZ9z7ACgyF0O
g0W1srpyhg4eyyTRnyTEHRk=
=2E1u
-----END PGP SIGNATURE-----
--- End Message ---
