ftpd: make DIR parameter work for non-root too: chdir to it instead of chroot

Unfortunately, chroot() works only for root user, because of attacks
on setuid binaries (make DIR/lib/ld-linux.so a shell, hardlink to
a setuid binary, chroot to DIR, execute it and get root shell).

function                                             old     new   delta
ftpd_main                                           2160    2180     +20

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko 2015-10-13 13:49:53 +02:00
parent bf74fb4497
commit f7ad927c20

View File

@ -1223,11 +1223,26 @@ int ftpd_main(int argc UNUSED_PARAM, char **argv)
#endif #endif
argv += optind; argv += optind;
if (argv[0]) { if (argv[0]) {
const char *basedir = argv[0];
#if !BB_MMU #if !BB_MMU
G.root_fd = xopen("/", O_RDONLY | O_DIRECTORY); G.root_fd = xopen("/", O_RDONLY | O_DIRECTORY);
close_on_exec_on(G.root_fd); close_on_exec_on(G.root_fd);
#endif #endif
xchroot(argv[0]); if (chroot(basedir) == 0)
basedir = "/";
#if !BB_MMU
else {
close(G.root_fd);
G.root_fd = -1;
}
#endif
/*
* If chroot failed, assume that we aren't root,
* and at least chdir to the specified DIR
* (older versions were dying with error message).
* If chroot worked, move current dir to new "/":
*/
xchdir(basedir);
} }
#if ENABLE_FEATURE_FTP_AUTHENTICATION #if ENABLE_FEATURE_FTP_AUTHENTICATION