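--- vsftpd-2.0.1/twoprocess.c.nonrootconf 2004-07-02 18:47:51.000000000 +0200
+++ vsftpd-2.0.1/twoprocess.c 2005-02-08 09:37:26.641905544 +0100
@@ -416,11 +416,17 @@
 str_append_char(&filename_str, '/');
 str_append_str(&filename_str, p_user_str);
 retval = str_stat(&filename_str, &p_statbuf);
- /* Security - ignore unless owned by root */
- if (!vsf_sysutil_retval_is_error(retval) &&
- vsf_sysutil_statbuf_get_uid(p_statbuf) == VSFTP_ROOT_UID)
+ /* Security - die unless owned by root */
+ if (!vsf_sysutil_retval_is_error(retval))
 {
- vsf_parseconf_load_file(str_getbuf(&filename_str), 1);
+ if (vsf_sysutil_statbuf_get_uid(p_statbuf) == VSFTP_ROOT_UID)
+ {
+ vsf_parseconf_load_file(str_getbuf(&filename_str), 1);
+ }
+ else
+ {
+ die("reading non-root config file");
+ }
 }
 str_free(&filename_str);
 vsf_sysutil_free(p_statbuf);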
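Review bot: The ownership test in the new inner `if` is made on the path (`str_stat`) and `vsf_parseconf_load_file` then opens the same path again, so the file checked and the file parsed are the same only if nothing can replace it in between. That depends on the per-user config directory being writable by root alone, which nothing in this hunk verifies, and the uid test does not look at group/world write bits on the file either. I would record the assumption at the check, e.g. `/* Security - die unless owned by root; relies on the user config directory being root-owned and not writable by others */`. The enclosing function starts and ends outside the hunk.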
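--- vsftpd-2.0.1/parseconf.c.nonrootconf 2004-07-02 13:23:56.000000000 +0200
+++ vsftpd-2.0.1/parseconf.c 2005-02-08 09:37:26.642905392 +0100
@@ -15,6 +15,7 @@
 #include "defs.h"
 #include "sysutil.h"
 #include "utility.h"
+#include "sysstr.h"
 
 static const char* s_p_saved_filename;
 static int s_strings_copied;
@@ -167,6 +168,8 @@
 struct mystr config_file_str = INIT_MYSTR;
 struct mystr config_setting_str = INIT_MYSTR;
 struct mystr config_value_str = INIT_MYSTR;
+ struct vsf_sysutil_statbuf* p_statbuf = 0;
+
 unsigned int str_pos = 0;
 int retval;
 if (!p_filename)
@@ -195,7 +198,9 @@
 copy_string_settings();
 }
 retval = str_fileread(&config_file_str, p_filename, VSFTP_CONF_FILE_MAX);
- if (vsf_sysutil_retval_is_error(retval))
+ (int)str_stat(&config_file_str, &p_statbuf);
+ /* Security - die unless the conf file is owned by root */
+ if (vsf_sysutil_retval_is_error(retval) || vsf_sysutil_statbuf_get_uid(p_statbuf) != VSFTP_ROOT_UID)
 {
 if (errs_fatal)
 {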
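Review bot: The added `str_stat(&config_file_str, &p_statbuf)` in the third hunk stats the wrong string: `config_file_str` was filled by `str_fileread` on the line before, so it holds the file's contents, not the name in `p_filename`. The return value is cast and discarded, so if that stat fails the following `vsf_sysutil_statbuf_get_uid(p_statbuf)` presumably compares whatever the buffer happens to hold, and the root-ownership test neither reliably accepts nor reliably rejects. Stat the file name and fold the result into the condition: `stat_retval = vsf_sysutil_stat(p_filename, &p_statbuf);` (with `int stat_retval;` declared beside `retval`), then `if (vsf_sysutil_retval_is_error(retval) || vsf_sysutil_retval_is_error(stat_retval) || vsf_sysutil_statbuf_get_uid(p_statbuf) != VSFTP_ROOT_UID)`. No release of `p_statbuf` is visible in these hunks, whereas twoprocess.c frees its buffer with `vsf_sysutil_free`; the function continues outside the hunk, so confirm it is freed on every path.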
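--- vsftpd-2.0.1/vsftpd.8.nonrootconf 2005-02-08 09:37:26.000000000 +0100
+++ vsftpd-2.0.1/vsftpd.8 2005-02-08 09:44:21.173887104 +0100
@@ -28,7 +28,8 @@
 .Sh OPTIONS
 An optional
 .Op configuration file
-may be given on the command line. The default configuration file is
+may be given on the command line. This configuration files has to be owned by
+root. The default configuration file is
 .Pa /etc/vsftpd/vsftpd.conf .
 .Sh SEE ALSO
 .Xr vsftpd.conf 5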