diff options
| author | Colin Percival <cperciva@FreeBSD.org> | 2011-12-23 15:00:37 +0000 |
|---|---|---|
| committer | Colin Percival <cperciva@FreeBSD.org> | 2011-12-23 15:00:37 +0000 |
| commit | 3e65b9c6e6b7b2081d54e1dc40983c3c00eaf738 (patch) | |
| tree | 7006a336edec7e2e646d67e3d9e61837cdb2fa3f /libexec/ftpd | |
| parent | 2cd8464e4eae8d0379d2cc56063b4b2069accfad (diff) | |
Notes
Diffstat (limited to 'libexec/ftpd')
| -rw-r--r-- | libexec/ftpd/ftpd.c | 1 | ||||
| -rw-r--r-- | libexec/ftpd/popen.c | 3 |
2 files changed, 4 insertions, 0 deletions
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c index 5894f3c7c3b7..00570d6e56c1 100644 --- a/libexec/ftpd/ftpd.c +++ b/libexec/ftpd/ftpd.c @@ -1562,6 +1562,7 @@ skip: reply(550, "Can't change root."); goto bad; } + __FreeBSD_libc_enter_restricted_mode(); } else /* real user w/o chroot */ homedir = pw->pw_dir; /* diff --git a/libexec/ftpd/popen.c b/libexec/ftpd/popen.c index 8a739dc2ffed..9f80507a839f 100644 --- a/libexec/ftpd/popen.c +++ b/libexec/ftpd/popen.c @@ -143,6 +143,9 @@ ftpd_popen(char *program, char *type) } (void)close(pdes[1]); } + /* Drop privileges before proceeding */ + if (getuid() != geteuid() && setuid(geteuid()) < 0) + _exit(1); if (strcmp(gargv[0], _PATH_LS) == 0) { /* Reset getopt for ls_main() */ optreset = optind = optopt = 1; |