rpms / proftpd

Clone
Source Code
GIT

Blame 459693c7.patch

el4 el5 el6 epel7 epel8 epel8-playground epel9 f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 fc6 main rawhide
  1.   ef8129bbea252801daca9de7cc7acdb76b7b177a
  2.   459693c7.patch
Blob History Raw
d082211 
From 459693c70c83b7d173ec10bb8089d4ce4e59d301 Mon Sep 17 00:00:00 2001
d082211 
From: TJ Saunders <tj@castaglia.org>
d082211 
Date: Tue, 2 May 2017 19:56:39 -0700
d082211 
Subject: [PATCH] Bug#4306: AllowChrootSymlinks off could cause login failures
d082211 
 depending on filesystem permissions.
d082211
d082211 
Use the IDs of the logging-in user to perform the directory walk, looking
d082211 
for symlinks, to be more consistent with similar checks done during login.
d082211 
---
d082211 
 modules/mod_auth.c | 6 +++++-
d082211 
 1 file changed, 5 insertions(+), 1 deletion(-)
d082211
d082211 
diff --git a/modules/mod_auth.c b/modules/mod_auth.c
d082211 
index d93c630..2b76070 100644
d082211 
--- a/modules/mod_auth.c
d082211 
+++ b/modules/mod_auth.c
d082211 
@@ -936,9 +936,13 @@ static int get_default_root(pool *p, int allow_symlinks, const char **root) {
d082211 
           path[pathlen-1] = '\0';
d082211 
         }
d082211
d082211 
+        PRIVS_USER
d082211 
         res = is_symlink_path(p, path, pathlen);
d082211 
+        xerrno = errno;
d082211 
+        PRIVS_RELINQUISH
d082211 
+
d082211 
         if (res < 0) {
d082211 
-          if (errno == EPERM) {
d082211 
+          if (xerrno == EPERM) {
d082211 
             pr_log_pri(PR_LOG_WARNING, "error: DefaultRoot %s is a symlink "
d082211 
               "(denied by AllowChrootSymlinks config)", path);
d082211 
           }
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.