From gallatin@cs.duke.edu  Fri Apr  7 07:08:19 2000
Return-Path: <gallatin@cs.duke.edu>
Received: from duke.cs.duke.edu (duke.cs.duke.edu [152.3.140.1])
	by hub.freebsd.org (Postfix) with ESMTP id AFD8837B858
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  7 Apr 2000 07:08:17 -0700 (PDT)
	(envelope-from gallatin@cs.duke.edu)
Received: from grasshopper.cs.duke.edu (grasshopper.cs.duke.edu [152.3.145.30])
	by duke.cs.duke.edu (8.9.3/8.9.3) with ESMTP id KAA08022
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 7 Apr 2000 10:08:10 -0400 (EDT)
Received: (from gallatin@localhost)
	by grasshopper.cs.duke.edu (8.9.3/8.9.1) id KAA33916;
	Fri, 7 Apr 2000 10:07:40 -0400 (EDT)
	(envelope-from gallatin@cs.duke.edu)
Message-Id: <200004071407.KAA33916@grasshopper.cs.duke.edu>
Date: Fri, 7 Apr 2000 10:07:40 -0400 (EDT)
From: Andrew Gallatin <gallatin@cs.duke.edu>
Reply-To: gallatin@cs.duke.edu
To: FreeBSD-gnats-submit@freebsd.org
Subject: ftpd fails to set cwd with mode 700 NFS mounted home dirs
X-Send-Pr-Version: 3.2

>Number:         17843
>Category:       bin
>Synopsis:       ftpd fails to set cwd with mode 700 NFS mounted home dirs
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    yar
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr  7 07:10:01 PDT 2000
>Closed-Date:    Tue Feb 11 06:52:00 PST 2003
>Last-Modified:  Tue Feb 11 06:52:00 PST 2003
>Originator:     Andrew Gallatin
>Release:        FreeBSD 4.0-RELEASE i386
>Organization:
>Environment:

	NFS mounted home directories, server mapping 0 to something
other than 0

>Description:

	ftpd will currently fail to set the CWD when logging in if a
user's home directory is mode 700 & it is mounted over NFS & the NFS
server is not mapping root to 0

>How-To-Repeat:

ftp into such a setup.  E.g.:

% ftp 192.233.54.149
Connected to 192.233.54.149.
220 spe149.testdrive.compaq.com FTP server (Version 6.00LS) ready.
Name (192.233.54.149:gallatin): gallatin
331 Password required for gallatin.
Password:
230- No directory! Logging in with home=/
230 User gallatin logged in.
Remote system type is UNIX.
Using binary mode to transfer files.


>Fix:

Index: libexec/ftpd//ftpd.c
===================================================================
RCS file: /home/ncvs/src/libexec/ftpd/ftpd.c,v
retrieving revision 1.62
diff -u -r1.62 ftpd.c
--- libexec/ftpd//ftpd.c	2000/02/10 19:51:30	1.62
+++ libexec/ftpd//ftpd.c	2000/04/07 13:55:40
@@ -1287,14 +1287,29 @@
 			goto bad;
 		}
 	} else if (chdir(pw->pw_dir) < 0) {
-		if (chdir("/") < 0) {
-			reply(530, "User %s: can't change directory to %s.",
-			    pw->pw_name, pw->pw_dir);
+		/*  
+		 * We may have failed to chdir if the user's home
+		 * directory is mounted over NFS & it is unreadable by
+		 * this machines superuser (eg. mode x00) -- set the
+		 * uid & try again.  
+		 */
+		
+		if (seteuid((uid_t)pw->pw_uid) < 0) {
+			reply(550, "Can't set uid.");
 			goto bad;
-		} else
-			lreply(230, "No directory! Logging in with home=/");
+		}
+
+		if (chdir(pw->pw_dir) < 0) {
+			if (chdir("/") < 0) {
+				reply(530, "User %s: can't change directory to %s.",
+				    pw->pw_name, pw->pw_dir);
+				goto bad;
+			} else
+				lreply(230, "No directory! Logging in with home=/");
+		}
 	}
-	if (seteuid((uid_t)pw->pw_uid) < 0) {
+	if (((uid_t)pw->pw_uid != geteuid()) && 
+	    seteuid((uid_t)pw->pw_uid) < 0) {
 		reply(550, "Can't set uid.");
 		goto bad;
 	}
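
Review bot: the first `chdir(pw->pw_dir)` in the `else if` still runs with the superuser's credentials, and the retry as the user happens only when that call fails, so the directory change is checked against the user's own permissions only on the failure path. Calling `seteuid((uid_t)pw->pw_uid)` before a single `chdir(pw->pw_dir)` in this branch would cover the NFS case and always apply the user's access rights. It would also remove the duplicated "No directory!" fallback and the `geteuid()` guard on the final `seteuid`. If the two-step form is kept, the inner `goto bad` paths are now reached with the effective uid already switched, so the code at `bad:` must not rely on still running as uid 0. The new comment should also read "this machine's superuser".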



>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: johan 
State-Changed-When: Fri May 10 18:58:44 PDT 2002 
State-Changed-Why:  
We are moving to LukemFTPd in current. 

Can you possibly try this with a -current from 
after Feb 28 2002 using lukemftpd and report back 
if it works or not? 


http://www.freebsd.org/cgi/query-pr.cgi?pr=17843 
Responsible-Changed-From-To: freebsd-bugs->yar 
Responsible-Changed-By: johan 
Responsible-Changed-When: Wed Aug 21 12:46:10 PDT 2002 
Responsible-Changed-Why:  
Over to Yar who has been seen working with the ftpd code. 


From: Yar Tikhiy <yar@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org, gallatin@cs.duke.edu
Cc:  
Subject: Re: bin/17843: ftpd fails to set cwd with mode 700 NFS mounted home dirs
Date: Wed, 29 Jan 2003 11:55:37 +0300

 Hi Andrew,
 
 I'm installing a patch to FreeBSD-current that should fix the problem
 you reported 3 years ago (it's a shame it took us that long to deal
 with it) along with a number of other bugs in ftpd(8).
 Could you test my solution in -current, or shall I provide a patch
 against 4.7-stable for your convenience?
 
 -- 
 Yar
State-Changed-From-To: feedback->patched 
State-Changed-By: yar 
State-Changed-When: Wed Jan 29 02:09:52 PST 2003 
State-Changed-Why:  
Fixed in -current. 


From: Andrew Gallatin <gallatin@cs.duke.edu>
To: Yar Tikhiy <yar@FreeBSD.org>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: bin/17843: ftpd fails to set cwd with mode 700 NFS mounted home dirs
Date: Wed, 29 Jan 2003 10:09:48 -0500 (EST)

 Yar Tikhiy writes:
  > Hi Andrew,
  > 
  > I'm installing a patch to FreeBSD-current that should fix the problem
  > you reported 3 years ago (it's a shame it took us that long to deal
  > with it) along with a number of other bugs in ftpd(8).
 
 I would have just committed it myself, but touching code with such
 a high security profile makes me nervous.
 
  > Could you test my solution in -current, or shall I provide a patch
  > against 4.7-stable for your convenience?
 
 
 Unfortunately, the problem happened at Compaq's test-drive site.  I
 was for a time helping the person admin'ing the FreeBSD systems there
 because of some FreeBSD/alpha issues they'd raised,  and because his
 boss & I knew each other.  He left a few years back, as did his boss,
 and I no longer have any contact with them...
 
 Thanks for finally closing this!
 
 Drew
State-Changed-From-To: patched->closed 
State-Changed-By: yar 
State-Changed-When: Tue Feb 11 06:51:18 PST 2003 
State-Changed-Why:  
Fixed in STABLE as well.  Thanks! 

>Unformatted:
