From nobody@FreeBSD.org  Fri Apr 19 06:15:29 2002
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 12B3837B400
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 19 Apr 2002 06:15:25 -0700 (PDT)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g3JDFPY36910;
	Fri, 19 Apr 2002 06:15:25 -0700 (PDT)
	(envelope-from nobody)
Message-Id: <200204191315.g3JDFPY36910@freefall.freebsd.org>
Date: Fri, 19 Apr 2002 06:15:25 -0700 (PDT)
From: Nino Dehne <ndehne@clan-planet.ch>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [PATCH] ftpd(8) cannot delete stale symlinks
X-Send-Pr-Version: www-1.0

>Number:         37250
>Category:       bin
>Synopsis:       [PATCH] ftpd(8) cannot delete stale symlinks
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    yar
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr 19 06:20:01 PDT 2002
>Closed-Date:    Mon Jul 29 13:20:12 PDT 2002
>Last-Modified:  Mon Jul 29 13:20:12 PDT 2002
>Originator:     Nino Dehne
>Release:        FreeBSD 4.5-RELEASE-p2 i386
>Organization:
Clan-Planet GmbH
>Environment:
FreeBSD [...] 4.5-RELEASE-p2 FreeBSD 4.5-RELEASE-p2 #1: Tue Mar 19 18:17:09 CET 2002 root@[...] i386
>Description:
When trying to delete a file via ftp(1) (or any other client, it doesn't matter), ftpd(8) does a stat(2) on the file to verify it's there. However, if the file to delete is a symlink the target of the link gets checked, not the link itself thus making stale links impossible to delete via ftp.

This occured when local users had symlinks in their home which point to /usr/local/something but are rendered stale when users log in via ftp (due to using chroot() feature of ftpd(8)).
>How-To-Repeat:
Create a symlink inside a user's home which points outside of the user's home. Log in as that user via ftp while chroot()'ing him using /etc/ftpchroot. Try to delete said link.

This should also work with "ordinary" stale symlinks, i.e. not involving any chroot'ing behaviour of ftpd(8).
>Fix:
      
>Release-Note:
>Audit-Trail:

From: Nino Dehne <TeCeEm@gmx.de>
To: freebsd-gnats-submit@FreeBSD.org, ndehne@clan-planet.ch
Cc:  
Subject: Re: bin/37250: [PATCH] ftpd(8) cannot delete stale symlinks
Date: Fri, 19 Apr 2002 15:24:18 +0200

   >Fix:
 
 (hit submit too fast *sigh*. here's the fix)
 
 I am no C coder. Reading on stat(2) and lstat(2) makes me think the
 following patch should work. Please comment.
 
 --- ftpd.c.patch begins here ---
 --- /usr/src/libexec/ftpd/ftpd.c    Tue Dec 18 19:35:55 2001
 +++ ftpd.c.new    Fri Apr 19 13:04:42 2002
 @@ -2180,7 +2180,7 @@
        struct stat st;
 
        LOGCMD("delete", name);
 - if (stat(name, &st) < 0) {
 + if (lstat(name, &st) < 0) {
            perror_reply(550, name);
            return;
        }
 --- ftpd.c.patch ends here ---
 
 

From: Peter Sanchez <psanchez@packet-addiction.org>
To: Nino Dehne <ndehne@clan-planet.ch>,
	freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: bin/37250: [PATCH] ftpd(8) cannot delete stale symlinks
Date: Fri, 26 Apr 2002 11:57:59 -0700

 This patch appears to work...
 
 -- START
 
 --- libexec/ftpd/ftpd.c Fri Apr 26 11:39:59 2002
 +++ libexec/ftpd/ftpd.c.new     Fri Apr 26 11:40:34 2002
 @@ -2170,8 +2170,10 @@
  
         LOGCMD("delete", name);
         if (stat(name, &st) < 0) {
 -               perror_reply(550, name);
 -               return;
 +               if (lstat(name, &st) < 0) {
 +                       perror_reply(550, name);
 +                       return;
 +               }
         }
         if ((st.st_mode&S_IFMT) == S_IFDIR) {
                 if (rmdir(name) < 0) {
 
 -- END
 
 cd /usr/src && patch < ftpd.patch
 cd libexec/ftpd && make all install clean
 
 Peter
 
 On Fri, Apr 19, 2002 at 06:15:25AM -0700, Nino Dehne wrote:
 > 
 > >Number:         37250
 > >Category:       bin
 > >Synopsis:       [PATCH] ftpd(8) cannot delete stale symlinks
 > >Confidential:   no
 > >Severity:       non-critical
 > >Priority:       low
 > >Responsible:    freebsd-bugs
 > >State:          open
 > >Quarter:        
 > >Keywords:       
 > >Date-Required:
 > >Class:          sw-bug
 > >Submitter-Id:   current-users
 > >Arrival-Date:   Fri Apr 19 06:20:01 PDT 2002
 > >Closed-Date:
 > >Last-Modified:
 > >Originator:     Nino Dehne
 > >Release:        FreeBSD 4.5-RELEASE-p2 i386
 > >Organization:
 > Clan-Planet GmbH
 > >Environment:
 > FreeBSD [...] 4.5-RELEASE-p2 FreeBSD 4.5-RELEASE-p2 #1: Tue Mar 19 18:17:09 CET 2002 root@[...] i386
 > >Description:
 > When trying to delete a file via ftp(1) (or any other client, it doesn't matter), ftpd(8) does a stat(2) on the file to verify it's there. However, if the file to delete is a symlink the target of the link gets checked, not the link itself thus making stale links impossible to delete via ftp.
 > 
 > This occured when local users had symlinks in their home which point to /usr/local/something but are rendered stale when users log in via ftp (due to using chroot() feature of ftpd(8)).
 > >How-To-Repeat:
 > Create a symlink inside a user's home which points outside of the user's home. Log in as that user via ftp while chroot()'ing him using /etc/ftpchroot. Try to delete said link.
 > 
 > This should also work with "ordinary" stale symlinks, i.e. not involving any chroot'ing behaviour of ftpd(8).
 > >Fix:
 >       
 > >Release-Note:
 > >Audit-Trail:
 > >Unformatted:
 > 
 > To Unsubscribe: send mail to majordomo@FreeBSD.org
 > with "unsubscribe freebsd-bugs" in the body of the message
 
 -- 
 Peter Sanchez, aka fut0n	|	"The ability to read is what
  - fut0n@linuxforlesbians.org	|	 distinguishes Unix users from
  - www.linuxforlesbians.org	|	 those of more popular platforms."
  - FreeBSD or DIE		|			- John Lasser
State-Changed-From-To: open->patched 
State-Changed-By: yar 
State-Changed-When: Sun Jul 21 05:07:22 PDT 2002 
State-Changed-Why:  
Two instances of this bug have been fixed in CURRENT. 
Thanks for pointing out at it.  By the way besides 
stale symlinks, this bug had prohibited deleting symlinks 
pointing to directories. 


Responsible-Changed-From-To: freebsd-bugs->yar 
Responsible-Changed-By: yar 
Responsible-Changed-When: Sun Jul 21 05:07:22 PDT 2002 
Responsible-Changed-Why:  
MFC reminder. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=37250 
State-Changed-From-To: patched->closed 
State-Changed-By: yar 
State-Changed-When: Mon Jul 29 13:19:13 PDT 2002 
State-Changed-Why:  
Fixed in -CURRENT & -STABLE, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=37250 
>Unformatted:
