[2914] in Kerberos-V5-bugs
krb5-appl/582: chdir(2) problem
daemon@ATHENA.MIT.EDU (ericm@math.montana.edu)
Tue Apr 21 16:26:01 1998
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, ericm@math.montana.edu
Date: Tue, 21 Apr 1998 14:15:39 -0600 (MDT)
From: ericm@math.montana.edu
Reply-To: ericm@math.montana.edu
To: krb5-bugs@MIT.EDU
>Number: 582
>Category: krb5-appl
>Synopsis: problem with chdir(2) in login.krb5 and ftpd
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Apr 21 16:16:01 EDT 1998
>Last-Modified:
>Originator: Eric McWhorter
>Organization:
Montana State University
Eric McWhorter 2-207 Wilson Hall, MSU, Bozeman, MT 59717
College of Letters and Science (406)994-1788
Montana State University ericm@math.montana.edu
>Release: krb5-1.0.5
>Environment:
sun ultrasparc 2170, dec mips 5000/240
solaris 2.6, netbsd 1.3.1
System: SunOS gauss 5.6 Generic_105181-04 sun4u sparc SUNW,Ultra-2
Architecture: sun4
>Description:
When src/appl/bsd/login.c and src/appl/gssftp/ftpd/ftpd.c
check to see if the user login directory is valid, the
assumption is made that root can chdir(2) to the user's
home directory.
>How-To-Repeat:
nfs export home dir with root remapped to nobody, login
to an account with $HOME chmod 700. chdir(2) will fail
and login will be to system root dir.
>Fix:
src/appl/bsd/login.c:
seteuid(2) to user before chdir(2), then seteuid back to root
after chdir(2) (see patch).
src/appl/gssftp/ftpd/ftpd.c:
move setuid(2) call to just before chdir(2) call to home
directory (see patch).
Here's a patch:
*** krb5-1.0.5/src/appl/gssftp/ftpd/ftpd.c.orig Mon Apr 20 16:40:59 1998
--- krb5-1.0.5/src/appl/gssftp/ftpd/ftpd.c Mon Apr 20 16:41:05 1998
***************
*** 837,842 ****
--- 837,847 ----
ftp_logwtmp(ttyline, pw->pw_name, remotehost);
logged_in = 1;
+ if (seteuid((uid_t)pw->pw_uid) < 0) {
+ reply(550, "Can't set uid.");
+ goto bad;
+ }
+
if (guest) {
/*
* We MUST do a chdir() after the chroot. Otherwise
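Review bot: the seteuid() added at the top of this hunk runs before the `if (guest)` branch, and the comment opening that branch indicates a chroot is done there; chroot(2) requires root, so with the effective uid already switched to pw->pw_uid the guest path would fail at that step. Keep the effective uid as root through the chroot and switch immediately before each chdir() instead: inside the guest branch after the chroot, and at the start of the non-guest branch.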
***************
*** 854,863 ****
goto bad;
} else
lreply(230, "No directory! Logging in with home=/");
- }
- if (seteuid((uid_t)pw->pw_uid) < 0) {
- reply(550, "Can't set uid.");
- goto bad;
}
if (guest) {
reply(230, "Guest login ok, access restrictions apply.");
--- 859,864 ----
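Review bot: the `goto bad` at the top of this hunk is now reached with the effective uid already set to pw->pw_uid by the call added in the previous hunk, where before this change it was reached as root. The code at the `bad` label is not shown in this patch; it should be checked that it either works without root or restores the effective uid first. The same applies to the "No directory! Logging in with home=/" fallback, which now also runs as the user.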
*** krb5-1.0.5/src/appl/bsd/login.c.orig Fri Feb 6 20:41:18 1998
--- krb5-1.0.5/src/appl/bsd/login.c Tue Apr 21 12:00:25 1998
***************
*** 401,406 ****
--- 401,407 ----
struct passwd *pwd;
static char *salt;
+ uid_t root_uid;
#ifdef HAVE_SHADOW
struct spwd *spwd;
***************
*** 1542,1553 ****
--- 1543,1569 ----
sleepexit(0);
}
#endif
+ /* root uid is likely 0, but should check just in case */
+ root_uid = getuid();
+
+ /* Should this call fail, we might login to / instead of our
+ home dir if root hasn't permissions on cwd, which is okay */
+ seteuid((uid_t) pwd->pw_uid);
+
if (chdir(pwd->pw_dir) < 0) {
printf("No directory %s!\n", pwd->pw_dir);
if (chdir("/"))
exit(0);
pwd->pw_dir = "/";
printf("Logging in with home = \"/\".\n");
+ }
+
+ /* switch back to root to finish login proceedure
+ if this call fails, things will be goofy */
+ if(seteuid(root_uid) < 0) {
+ syslog(LOG_ERR,
+ "seteuid: %s",
+ error_message(errno));
}
/* nothing else left to fail -- really log in */
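Review bot: `root_uid = getuid()` saves the real uid, but what has to be restored after the chdir() is the effective uid, so this should be `geteuid()`; if the real and effective uids differ when login runs, `seteuid(root_uid)` succeeds and leaves the process without root for the rest of the login. Two related points in the same hunk: the return value of `seteuid((uid_t) pwd->pw_uid)` is ignored, and a failed `seteuid(root_uid)` is only logged with syslog before falling through to "nothing else left to fail"; the restore failure should end the login (for example via the `sleepexit()` used just above) rather than continue in a state the comment itself calls goofy.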
>Audit-Trail:
>Unformatted:
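The fix described in the report, switching the effective uid around chdir(2) and then switching back, shown as an added example that is not part of the original report or of krb5. `chdir_as_user` and its return codes are hypothetical; the helper saves geteuid() and treats a failed switch or restore as fatal.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from krb5): enter `dir` with the effective uid
 * of `uid`, then restore the caller's effective uid.
 *   0  -> cwd is now `dir`
 *  -1  -> chdir failed, errno says why, privileges restored
 *  -2  -> could not switch or restore the effective uid; caller must abort
 * Supplementary groups are not switched, so only owner permissions
 * (the chmod 700 case in the report) are covered. */
int chdir_as_user(uid_t uid, const char *dir)
{
    uid_t saved_euid = geteuid();   /* effective uid, not getuid() */
    int rc = 0, err = 0;

    if (seteuid(uid) < 0)
        return -2;
    if (chdir(dir) < 0) {
        rc = -1;
        err = errno;                /* keep chdir's errno across seteuid */
    }
    if (seteuid(saved_euid) < 0 || geteuid() != saved_euid)
        return -2;
    if (rc < 0)
        errno = err;
    return rc;
}

int main(void)
{
    struct passwd *pw = getpwuid(getuid());  /* stand-in for the login target */
    if (pw == NULL)
        return EXIT_FAILURE;
    switch (chdir_as_user(pw->pw_uid, pw->pw_dir)) {
    case 0:
        printf("home = %s\n", pw->pw_dir);
        return EXIT_SUCCESS;
    case -1:
        printf("No directory %s!\n", pw->pw_dir);
        return chdir("/") < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
    default:
        fprintf(stderr, "cannot switch effective uid\n");
        return EXIT_FAILURE;
    }
}
```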