Chroot in ftpd on newer kernel versions
Rob Landley
rob at landley.net
Sun Oct 7 23:37:12 UTC 2012
On Sun, Oct 7, 2012 at 2:14 AM, Harald Becker <ralda at gmx.de> wrote:
> Hi Rob !
>
>>Yeah, I fixed that for Aboriginal Linux back in August, here's my
>>patch:
>>
>>http://landley.net/hg/aboriginal/file/1535/sources/patches/busybox-ftpd.patch
>
> This hits my intention ... but why getpid? Doesn't this return always
> non-zero process id? Did you mean getuid, which makes more sense?
Yup. It was a quick 5 minute "get it working again" hack. There's a
reason I never sent it here. (Also partly because I thought the
behavior change of taking away the ability to select a default
directory for everybody but root was an intentional if unannounced
design change. And because I had a chronic shortage of time/energy
during my year working at polycom, and still have a week in The
Cubicle I can start catching up on anything else.)
> In addition I suggest dropping the user privileges to a specific user
> (e.g. ftp) if run as root. Something like this (untested):
>
> if (!getuid())
> {
>     xchroot(".");
>     xget_uidgid(&ugid, "ftp");
>     xsetgid(ugid.gid);
>     xsetuid(ugid.uid);
> }
Good luck. I'm not running it as root...
Rob
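The chroot-then-drop sequence discussed in this thread, as an added C example that is not part of the original messages and is not BusyBox code. `confine_and_drop` is a hypothetical helper that uses plain libc calls instead of BusyBox's `x*` wrappers, and it assumes the account lookup has to happen before `chroot()` because the jail may not contain `/etc/passwd`.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* exposes chroot() and setgroups() in glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (name and return convention are assumptions).
 * Returns 0 if not running as root (nothing done), 1 if confined and
 * dropped to `user`, -1 on any failure. */
int confine_and_drop(const char *dir, const char *user)
{
    /* getuid(), not getpid(): a pid is never 0, so !getpid() is never true. */
    if (getuid() != 0)
        return 0;

    /* Resolve the account first; refuse a target that is itself uid 0. */
    struct passwd *pw = getpwnam(user);
    if (pw == NULL || pw->pw_uid == 0)
        return -1;
    uid_t uid = pw->pw_uid;
    gid_t gid = pw->pw_gid;

    /* chroot() does not move the working directory; chdir("/") pins it inside. */
    if (chroot(dir) != 0 || chdir("/") != 0)
        return -1;

    /* Order matters: supplementary groups, then gid, then uid. After the uid
     * is dropped the process can no longer change the other two. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;

    /* Verify the drop cannot be undone. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid)
        return -1;
    return 1;
}

int main(int argc, char **argv)
{
    int r = confine_and_drop(argc > 1 ? argv[1] : ".", argc > 2 ? argv[2] : "ftp");
    printf("confine_and_drop: %d\n", r);
    return r < 0;
}
```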