NetBSD ftpchroot Parsing Vulnerability

In NetBSD 1.4.2, ftpd contains a vulnerability that prevents /etc/ftpchroot from being used properly to chroot() specific users. chroot() is a system call that changes the root directory of a process; it is used to prevent a process from accessing anything outside a certain subdirectory tree in a filesystem. /etc/ftpchroot is a file that lists users who are to be chroot()ed in their home directories by the ftp daemon, meaning they can only access the directory tree below their home directory. Unfortunately, what was meant to be a fix in other code caused a parsing error, with the result that /etc/ftpchroot was not interpreted properly and the listed users' access was not restricted.
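
The failure described above is a restriction list whose parser fails open. The following C sketch is an added illustration, not NetBSD's ftpd code and not a reconstruction of the actual bug (the page gives no details of it): it parses a user list and fails closed on anything it cannot interpret. The one-name-per-line format with `#` comments, the function `must_chroot` and the limit `MAX_NAME` are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME 32   /* assumed name length limit for this sketch */

/* Returns 1 if `user` must be confined with chroot(), 0 otherwise.
 * `list` is the full text of the user list, or NULL if it could not be read. */
int must_chroot(const char *list, const char *user)
{
    if (list == NULL)
        return 1;                              /* unreadable list: fail closed */

    while (*list != '\0') {
        size_t line_len = strcspn(list, "\n");
        size_t len = strcspn(list, "#\n");     /* text before any comment */
        const char *start = list;
        const char *end = list + len;

        /* Trim surrounding whitespace (this also drops a trailing '\r'). */
        while (start < end && isspace((unsigned char)*start)) start++;
        while (end > start && isspace((unsigned char)end[-1])) end--;

        if (start < end) {
            size_t n = (size_t)(end - start);
            if (n > MAX_NAME || memchr(start, ' ', n) || memchr(start, '\t', n))
                return 1;                      /* malformed entry: fail closed */
            if (strlen(user) == n && memcmp(start, user, n) == 0)
                return 1;                      /* user is listed */
        }
        list += line_len;
        if (*list == '\n') list++;
    }
    return 0;                                  /* parsed cleanly, not listed */
}

int main(void)
{
    /* Constructed sample list, not a real /etc/ftpchroot. */
    const char *sample = "# restricted users\nalice\n  bob  # contractor\n\ncarol";
    const char *names[] = { "alice", "bob", "carol", "dave", "ali" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-5s -> %s\n", names[i],
               must_chroot(sample, names[i]) ? "chroot" : "no chroot");
    return 0;
}
```

With this design a malformed entry confines every login until the file is corrected, so a parsing problem shows up as over-restriction rather than as silently missing restriction.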

Copyright 2010, SecurityFocus