Chroot in ftpd on newer kernel versions
Rich Felker
dalias at aerifal.cx
Wed Oct 3 02:56:59 UTC 2012
On Wed, Oct 03, 2012 at 04:25:41AM +0200, Harald Becker wrote:
> Hi All,
>
> after a lightning stroke hit our house and damaged several electronic
> devices including my router box and computer, I'm going to set up a new
> small home server machine. By this I hit on an issue with chroot in
> Busybox ftpd applet. I didn't look into this, but maybe it affects
> other places too:
>
> Newer Linux kernel versions (tested with v3.5.3) seem to disable chroot
> for non-root users. If ftpd is called as root it is able to chroot to

chroot has never been possible for non-root users. Allowing non-root
users to chroot will almost surely allow them to obtain root if there
are any suid-root binaries on the system.

> So I suggest to add an option to ftpd to change user/group after doing
> chroot if run as root, and to bypass chroot if not running as root.
>
> .... or is there anything I'm doing wrong?
>
> Any other comments on this?

I would urge you not to even think of using any ftpd except vsftpd.
I've never seen another one that's remotely secure.

Rich
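
The sequence proposed in the quoted message (chroot while still root, then change user/group), written out as an added example; it is not BusyBox ftpd code and not from either poster. The function name `jail_and_drop`, the path `/srv/ftp` and uid/gid 65534 are assumptions, and the caller decides what to do when chroot is not permitted.

```c
#define _DEFAULT_SOURCE   /* exposes chroot() and setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

enum jail_result { JAIL_OK, JAIL_NO_PRIV, JAIL_FAILED };

/* Confine the process to `dir`, then permanently become uid/gid.
 * Every step needs privilege, so the order is fixed: chroot first, uid last. */
enum jail_result jail_and_drop(const char *dir, uid_t uid, gid_t gid)
{
    if (dir == NULL || uid == 0 || gid == 0)
        return JAIL_FAILED;              /* "dropping" to root is no drop */

    if (chroot(dir) != 0)                /* EPERM without CAP_SYS_CHROOT */
        return errno == EPERM ? JAIL_NO_PRIV : JAIL_FAILED;
    if (chdir("/") != 0)                 /* cwd must not stay outside the jail */
        return JAIL_FAILED;

    /* Supplementary groups, then gid, then uid: once the uid is gone,
     * the other two calls would no longer be permitted. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return JAIL_FAILED;

    /* Verify the drop is irreversible before handling any client input. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid ||
        getegid() != gid)
        return JAIL_FAILED;
    return JAIL_OK;
}

int main(void)
{
    /* Constructed sample values: /srv/ftp and 65534 are placeholders. */
    switch (jail_and_drop("/srv/ftp", 65534, 65534)) {
    case JAIL_OK:
        puts("jailed and unprivileged");
        return 0;
    case JAIL_NO_PRIV:
        fputs("chroot not permitted (not started as root)\n", stderr);
        return 1;
    default:
        fputs("jail setup failed, not continuing\n", stderr);
        return 1;
    }
}
```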