From nobody@FreeBSD.ORG Tue Dec  7 21:49:45 1999
Return-Path: <nobody@FreeBSD.ORG>
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id D7ED514BD4; Tue,  7 Dec 1999 21:49:45 -0800 (PST)
Message-Id: <19991208054945.D7ED514BD4@hub.freebsd.org>
Date: Tue,  7 Dec 1999 21:49:45 -0800 (PST)
From: greyleaf@home.net
Sender: nobody@FreeBSD.ORG
To: freebsd-gnats-submit@freebsd.org
Subject: Normal users can overwrite important system files via ftp.
X-Send-Pr-Version: www-1.0

>Number:         15351
>Category:       misc
>Synopsis:       Normal users can overwrite important system files via ftp.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec  7 21:50:01 PST 1999
>Closed-Date:    Wed Dec 8 23:31:41 PST 1999
>Last-Modified:  Wed Dec  8 23:32:03 PST 1999
>Originator:     Jim Cole
>Release:        3.2
>Organization:
>Environment:
FreeBSD loki.yggdrasill.net 3.2-RELEASE FreeBSD 3.2-RELEASE #0: Sun Sep 12 13:45:31 MDT 1999     root@loki.yggdrasill.net:/usr/src/sys/compile/LOKI_1  i386
>Description:
It is possible, as a normal user, to use the ftp client to overwrite
system files with modes of 0664 and group wheel (such as log files in
/var/log). This is true for at least the stock ftp distributed with the
3.2 release.
>How-To-Repeat:
As a normal user, ftp to another UNIX machine that includes, say,
/var/log/messages. Do a bin and then a get /var/log/messages. At the
end of the download, there will be a message stating that the
modification time of the file couldn't be changed; however, the old
file is overwritten. In all cases the ftp was initiated from the
user's home directory.
>Fix:


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: sheldonh 
State-Changed-When: Wed Dec 8 06:03:57 PST 1999 
State-Changed-Why:  
Suspected pilot error, waiting for confirmation from pilot. :-) 

From: Sheldon Hearn <sheldonh@uunet.co.za>
To: greyleaf@home.net
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: misc/15351: Normal users can overwrite important system files via ftp. 
Date: Wed, 08 Dec 1999 16:03:49 +0200

 On Tue, 07 Dec 1999 21:49:45 PST, greyleaf@home.net wrote:
 
 > It is possible, as a normal user, to use the ftp client to overwrite
 > system files with modes of 0664 and group wheel (such as log files in
 > /var/log). This is true for at least the stock ftp distributed with the
 > 3.2 release.
 
 I think you're mistaken.  I think that users who are a part of group
 wheel can do this, and that's expected behaviour.  Before you do your
 test as a "normal user", type
 	
 	id
 
 at the command prompt.  Is this normal user part of group wheel?  If so,
 everything's working as it should. :-)
 
 Ciao,
 Sheldon.
 
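The check Sheldon asks for above (run id, see whether the account is in group wheel, then reason about the 0664 root:wheel mode) can be reproduced offline. The script below is an added example for this PR, not code from the PR or from the FreeBSD ftp client; it implements the standard Unix discretionary access rule (uid 0 bypasses the mode bits; otherwise exactly one of the owner, group or other triplets applies, chosen in that order, and they are never combined) over constructed sample output of ls -l and id. The file names, user names and numeric ids in the samples are made up for the example. The ftp client's get simply opens the local file with the user's own credentials, so the outcome is the same as any other write by that user. The "modification time couldn't be changed" warning in the How-To-Repeat fits the same picture: writing the contents only needs the group write bit, but setting an explicit mtime with utimes(2) requires owning the file, which the example does not model.

```python
"""Decide whether the account shown by `id` can write the file shown by `ls -l`.

Added example (not from PR misc/15351 or the FreeBSD ftp client): applies the
Unix discretionary access check to constructed sample output.
"""
import re
from dataclasses import dataclass, field
from typing import Set, Tuple

# Constructed sample data: a log file with mode 0664, root:wheel, as the PR
# describes, plus `id` output for a user who is in wheel and one who is not.
LS_LINE = "-rw-rw-r--  1 root  wheel  184320 Dec  7 21:40 /var/log/messages"
ID_WHEEL_USER = "uid=1001(jim) gid=1001(jim) groups=1001(jim),0(wheel)"
ID_PLAIN_USER = "uid=1002(bob) gid=1002(bob) groups=1002(bob)"

_ID_RE = re.compile(r"uid=(\d+)\(([^()]+)\) gid=(\d+)\(([^()]+)\) groups=(\S+)")
_GROUP_RE = re.compile(r"(\d+)\(([^()]+)\)")


@dataclass
class Identity:
    uid: int
    user: str
    groups: Set[str] = field(default_factory=set)  # primary plus supplementary, by name


def parse_id_output(text: str) -> Identity:
    """Parse `id`-style output into uid, user name and the set of group names."""
    m = _ID_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised id output: %r" % text)
    uid, user, _gid, gname, groups = m.groups()
    names = {gname}
    for item in groups.split(","):
        gm = _GROUP_RE.fullmatch(item)
        if not gm:
            raise ValueError("unrecognised group entry: %r" % item)
        names.add(gm.group(2))
    return Identity(int(uid), user, names)


def parse_ls_line(line: str) -> Tuple[str, str, str]:
    """Return (nine-char permission string, owner, group) from one `ls -l` line.

    Only the first four columns are used, so a trailing '+' or '@' on the mode
    column and any date layout are tolerated.
    """
    fields = line.split()
    if len(fields) < 4 or len(fields[0]) < 10:
        raise ValueError("unrecognised ls -l line: %r" % line)
    return fields[0][1:10], fields[2], fields[3]


def access_class(owner: str, group: str, who: Identity) -> str:
    """Pick the one permission triplet that applies; POSIX never unions them."""
    if who.uid == 0:
        return "root"
    if who.user == owner:
        return "owner"
    if group in who.groups:
        return "group"
    return "other"


def can_write(ls_line: str, id_output: str) -> bool:
    """True if the `id` account may open the `ls -l` file for writing."""
    perms, owner, group = parse_ls_line(ls_line)
    who = parse_id_output(id_output)
    cls = access_class(owner, group, who)
    if cls == "root":
        return True  # uid 0 is not subject to the mode bits
    offset = {"owner": 0, "group": 3, "other": 6}[cls]
    return perms[offset + 1] == "w"


def explain(ls_line: str, id_output: str) -> str:
    """One-line verdict naming the triplet that decided the answer."""
    perms, owner, group = parse_ls_line(ls_line)
    who = parse_id_output(id_output)
    verdict = "can" if can_write(ls_line, id_output) else "cannot"
    cls = access_class(owner, group, who)
    return "%s %s write (%s %s:%s, checked as %s)" % (
        who.user, verdict, perms, owner, group, cls)


if __name__ == "__main__":
    for ident in (ID_WHEEL_USER, ID_PLAIN_USER):
        print(explain(LS_LINE, ident))
```

Running it prints that jim can write through the group triplet while bob cannot, which is exactly the "pilot error" outcome of the PR: the only thing that decided the result was wheel membership. The access_class function also shows the non-cumulative rule that often surprises people: an owner whose own triplet lacks w is denied even when the group triplet would allow it.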
State-Changed-From-To: feedback->closed 
State-Changed-By: sheldonh 
State-Changed-When: Wed Dec 8 23:31:41 PST 1999 
State-Changed-Why:  
Confirmed pilot error. :-) 
>Unformatted:
