From: <bu...@pr...> - 2001-02-01 18:11:52
|
http://bugs.proftpd.net/show_bug.cgi?id=451 *** shadow/451 Wed Jan 31 19:46:01 2001 --- shadow/451.tmp.5983 Thu Feb 1 12:07:27 2001 *************** *** 41,43 **** --- 41,110 ---- ------- Additional Comments From tj...@di... 2001-01-31 19:46 ------- Could you upgrade to the latest version from CVS, and try to repeat this? + + ------- Additional Comments From bol...@dc... 2001-02-01 12:07 ------- + Today (01/02) I downloaded the cvs version on a pure debian 2.2 with rsbac and + tested again: + (after tail -f /var/log/syslog &) + + rsbac:/home/boldi/src/proftpd-1.2# ftp 0 + Connected to 0. + 220 ProFTPD 1.2.0 Server (ProFTPD Default Installation) + [rsbac.ebizlab.hit.bme.hu] + Name (0:boldi): Feb 2 02:08:42 rsbac kernel: rsbac_adf_request(): request + CHANGE_OWNER, caller_pid 20584, caller_prog_name proftpd, caller_uid 0, target- + type PROCESS, tid 20584, attr owner, value 65535, result NOT_GRANTED by AUTH + Feb 2 02:08:42 rsbac kernel: rsbac_adf_request(): request CHANGE_OWNER, + caller_pid 20584, caller_prog_name proftpd, caller_uid 0, target-type PROCESS, + tid 20584, attr owner, value 65535, result NOT_GRANTED by AUTH + Feb 2 02:08:42 rsbac kernel: rsbac_adf_request(): request CHANGE_OWNER, + caller_pid 20585, caller_prog_name inetd, caller_uid 0, target-type PROCESS, + tid 20585, attr owner, value 100, result NOT_GRANTED by AUTH + Feb 2 02:08:42 rsbac identd[20585]: started + 331 Password required for boldi. + Password:Feb 2 02:08:51 rsbac kernel: rsbac_adf_request(): request + CHANGE_OWNER, caller_pid 20584, caller_prog_name proftpd, caller_uid 0, target- + type PROCESS, tid 20584, attr owner, value 65535, result NOT_GRANTED by AUTH + + 230 User boldi logged in. + Remote system type is UNIX. + Using binary mode to transfer files. + ftp> ls + 200 PORT command successful. + 150 Opening ASCII mode data connection for file list. + drwxr-xr-x 3 root boldi 4096 Feb 2 01:05 src + 226 Transfer complete. + ftp> get /etc/shadow w + local: w remote: /etc/shadow + 200 PORT command successful. + 150 Opening BINARY mode data connection for /etc/shadow (950 bytes). + 226 Transfer complete. + 950 bytes received in 0.00 secs (1117.8 kB/s) + + It seems proftpd tried to set the owner first to 65535 which wasn't successfull. + + After adding setuid capability in rsbac to proftpd: + Connected to 0. + 220 ProFTPD 1.2.0 Server (ProFTPD Default Installation) + [rsbac.ebizlab.hit.bme.hu] + Name (0:boldi): boFeb 2 02:17:01 rsbac kernel: rsbac_adf_request(): request + CHANGE_OWNER, caller_pid 20715, caller_prog_name inetd, caller_uid 0, target- + type PROCESS, tid 20715, attr owner, value 100, result NOT_GRANTED by AUTH + Feb 2 02:17:01 rsbac identd[20715]: started + Feb 2 02:17:01 rsbac kernel: rsbac_adf_request(): request CHANGE_OWNER, + caller_pid 20715, caller_prog_name identd, caller_uid 0, target-type PROCESS, + tid 20715, attr owner, value 65534, result NOT_GRANTED by AUTH + ldi + 331 Password required for boldi. + Password: + 230 User boldi logged in. + Remote system type is UNIX. + Using binary mode to transfer files. + ftp> get /etc/shadow w2 + local: w2 remote: /etc/shadow + 200 PORT command successful. + 550 /etc/shadow: Permission denied + + + + -- To unsubscribe, send mail to pro...@pr... with "unsubscribe" in the subject field of the message. http://www.proftpd.net -- The Official ProFTPD web site. http://bugs.proftpd.net -- Bug reporting and feature requests. |