Re: Proposed modification to ftpd

From: Peter Ross (petros@pps.de)
Date: 01/13/01


Date: Sat, 13 Jan 2001 18:27:27 +0100 (MET)
From: Peter Ross <petros@pps.de>
To: security@freebsd.org

Hello,

next week I have to change an ftp server.

I read the thread starting with the message from
Fernando Schapachnik <fpscha@ns1.via-net-works.net.ar> on Fri, 29 Dec 2000
13:29:45 -0300 (ART)

> I just submitted PR bin/23944, which contains a patch against
> 4.2R ftpd to add the following functionality to chrooted users: The
> user's home dir is split by the first '/./'. The first part is
> used to chroot, and the second to chdir (eg,
> '/usr/local/www/data/site/./htdocs', means chroot to
> /usr/local/www/data/site, and then chdir to htdocs).
>
> The reason I consider it (somehow) security related is that
> it is meant to simplify migration from (usually
> remote-root-exploitable) wu-ftpd, which uses the same syntax.

I want to migrate (for security reasons).

I wish that the user doesn't see /etc or /bin after login, because some of them
use scripts to receive data. These scripts could have instructions like "mput
*". There are more than one or two users and I don't like Monday telephone calls
"It doesn't work". Some users are confused by the smallest changes.

I created a home directory owned by the FTP account and used /etc/ftpchroot.
Fortunately ls is an integrated part of ftpd, so no bin directory is necessary. Also
there's no etc. According to the man page I only see uids (no names, because
there is no passwd database), but I think that isn't a problem. At the moment I
can't see other problems. It seems to work.

ftpd(8)
> ~ftp Make the home directory owned by ``root'' and unwritable
> by anyone.

Hmmh. Now the home directory is 775 (a different user with the same gid moves the
files into our network or out of it).

Would you prefer my way to migrate wu-ftpd -> ftpd rather than implement the
"*/./*" syntax? Any risks?

Regards
Peter Ross

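The '/./' convention quoted in the message above (chroot to the part before the first '/./', then chdir to the part after it) is easy to get subtly wrong, so here is an added example of the split and the order of the chroot/chdir calls. This is illustrative code written for this page, not the patch from PR bin/23944 or anything from FreeBSD's ftpd; the function names split_chroot_home and enter_ftp_jail and the sample paths are assumptions. It goes a little beyond the quoted description by defining what happens when the marker is absent (behave like plain /etc/ftpchroot: chroot to the whole home and start at "/"), when the marker is at the very start ("/./pub", root is "/"), and when nothing follows the marker.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define FTP_SPLIT_MARKER "/./"

/*
 * Split a home directory of the form "<chroot>/./<chdir>" (the wu-ftpd
 * convention described in the message) into the directory to chroot(2)
 * into and the path, relative to that new root, to chdir(2) into.
 *
 * Returns 0 on success, -1 if the home is not absolute or a piece does
 * not fit its buffer.  Without the marker the whole home becomes the
 * chroot and the start directory is "/" (plain /etc/ftpchroot behaviour).
 * These edge-case rules are this example's own choice, not the PR's.
 */
int split_chroot_home(const char *home, char *root, size_t rootlen,
                      char *subdir, size_t sublen)
{
    const char *mark;
    size_t rlen;

    if (home == NULL || home[0] != '/')
        return -1;                      /* must be absolute */

    mark = strstr(home, FTP_SPLIT_MARKER);
    if (mark == NULL) {
        /* no "/./": chroot to the whole home, start at its root */
        if (strlen(home) >= rootlen || sublen < 2)
            return -1;
        strcpy(root, home);
        strcpy(subdir, "/");
        return 0;
    }

    rlen = (size_t)(mark - home);
    if (rlen == 0) {
        /* "/./foo": the root is "/" itself */
        if (rootlen < 2)
            return -1;
        strcpy(root, "/");
    } else {
        if (rlen >= rootlen)
            return -1;
        memcpy(root, home, rlen);
        root[rlen] = '\0';
    }

    mark += strlen(FTP_SPLIT_MARKER);
    while (*mark == '/')
        mark++;                         /* "/.//x" -> "x" */
    if (*mark == '\0') {
        /* trailing "/./": start at the new root */
        if (sublen < 2)
            return -1;
        strcpy(subdir, "/");
    } else {
        if (strlen(mark) >= sublen)
            return -1;
        strcpy(subdir, mark);
    }
    return 0;
}

/*
 * Confine the process the way a chrooting ftpd would: chroot first, then
 * chdir inside the new root.  Doing the chdir before the chroot would
 * leave the cwd outside the jail, which is the classic chroot escape.
 * Needs root privileges; returns -1 with errno set on failure.
 */
int enter_ftp_jail(const char *home)
{
    char root[1024], subdir[1024];

    if (split_chroot_home(home, root, sizeof root, subdir, sizeof subdir) < 0) {
        errno = EINVAL;
        return -1;
    }
    if (chroot(root) < 0)
        return -1;
    if (chdir("/") < 0)                 /* never keep a cwd outside the new root */
        return -1;
    if (chdir(subdir) < 0)              /* subdir is relative to the new root */
        return -1;
    return 0;
}

int main(void)
{
    /* constructed sample paths, not taken from any real ftpd configuration */
    const char *samples[] = {
        "/usr/local/www/data/site/./htdocs",
        "/home/ftp",
        "/home/ftp/./",
        "/./pub/incoming",
        "relative/./x",
    };
    char root[1024], subdir[1024];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (split_chroot_home(samples[i], root, sizeof root, subdir, sizeof subdir) == 0)
            printf("%-36s chroot=%s chdir=%s\n", samples[i], root, subdir);
        else
            printf("%-36s malformed\n", samples[i]);
    }
    return 0;
}
```

The order in enter_ftp_jail is the part worth copying: chroot, then chdir("/"), then the relative chdir. A chdir to the second half before the chroot would be resolved against the unconfined filesystem, and a process left with its cwd outside the new root can walk back out of it.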
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message