Document allow_writeable_chroot in the man page

Resolves: rhbz#1507143
This commit is contained in:
Ondřej Lysoněk 2017-10-31 16:17:50 +01:00
parent 178f53fd5f
commit 0d16113de4
2 changed files with 38 additions and 1 deletions

View File

@ -0,0 +1,32 @@
From a565aa70aafd5c955680e43bb396c8a371fee6a9 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Tue, 31 Oct 2017 16:13:46 +0100
Subject: [PATCH 38/38] Document allow_writeable_chroot in the man page
---
vsftpd.conf.5 | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/vsftpd.conf.5 b/vsftpd.conf.5
index 45b3f9c..d1f0db5 100644
--- a/vsftpd.conf.5
+++ b/vsftpd.conf.5
@@ -56,6 +56,15 @@ Only applies if
is active. If set to YES, anonymous users will be allowed to use secured SSL
connections.
+Default: NO
+.TP
+.B allow_writeable_chroot
+Allow chroot()'ing a user to a directory writable by that user. Note that
+setting this to YES is potentially dangerous. For example, if the user
+creates an 'etc' directory in the new root directory, they could potentially
+trick the C library into loading a user-created configuration file from the
+/etc/ directory.
+
Default: NO
.TP
.B anon_mkdir_write_enable
--
2.14.3

View File

@ -2,7 +2,7 @@
Name: vsftpd Name: vsftpd
Version: 3.0.3 Version: 3.0.3
Release: 9%{?dist} Release: 10%{?dist}
Summary: Very Secure Ftp Daemon Summary: Very Secure Ftp Daemon
Group: System Environment/Daemons Group: System Environment/Daemons
@ -66,6 +66,7 @@ Patch34: 0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch
Patch35: 0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch Patch35: 0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch
Patch36: 0036-Redefine-VSFTP_COMMAND_FD-to-1.patch Patch36: 0036-Redefine-VSFTP_COMMAND_FD-to-1.patch
Patch37: 0037-Document-the-relationship-of-text_userdb_names-and-c.patch Patch37: 0037-Document-the-relationship-of-text_userdb_names-and-c.patch
Patch38: 0038-Document-allow_writeable_chroot-in-the-man-page.patch
%description %description
vsftpd is a Very Secure FTP daemon. It was written completely from vsftpd is a Very Secure FTP daemon. It was written completely from
@ -135,6 +136,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub
%{_var}/ftp %{_var}/ftp
%changelog %changelog
* Tue Oct 31 2017 Ondřej Lysoněk <olysonek@redhat.com> - 3.0.3-10
- Document allow_writeable_chroot in the man page
- Resolves: rhbz#1507143
* Thu Oct 26 2017 Ondřej Lysoněk <olysonek@redhat.com> - 3.0.3-9 * Thu Oct 26 2017 Ondřej Lysoněk <olysonek@redhat.com> - 3.0.3-9
- Document the relationship of text_userdb_names and chroot_local_user - Document the relationship of text_userdb_names and chroot_local_user
- Resolves: rhbz#1439724 - Resolves: rhbz#1439724