> On Monday 15 September 2014 16:34, Morten Kvistgaard wrote:
> > Hello Denys,
> >
> > I've studied the last patch you applied to ftpd.
> >
> > The patch can be fixed if you reorder the "change_identity" to beneath the
> > jail.
> 
> Fix in what way? What is the bug?

The bug is that if you use the authentication + chroot feature, the server will 
crash at login. (Connection closes.)
The current code goes like this:

...
change_identity(pw);
...
xchroot(argv[0]);
...

According to the doc, http://linux.die.net/man/2/chroot, only privileged processes 
may call chroot. So the crash makes sense.


> 
> > Also the "change_identity" ought to conflict with the NOMMU jail break.
> > However a carefully placed call to "getpwuid" seems to somehow solve
> > this. (wtf?) I've tested it on Ubuntu + uClinux.
> 
> What is the bug?


The same issue arises when the NOMMU has to break out of jail. (chroot again.) 
You need to regain privileges before you can break out.


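The call-order problem discussed in this message, as an added example that is not part of the original e-mail and is not busybox's ftpd code: it tries chroot() after dropping identity and then chroot() before dropping identity, each in a forked child. The helper names, the "/" jail directory and uid/gid 65534 are assumptions made for the illustration.

```c
/* Added example, not busybox source; uid/gid 65534 and "/" are assumptions. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Drop supplementary groups, then gid, then uid (uid last, or setgid fails). */
static int drop_identity(uid_t uid, gid_t gid)
{
    if (geteuid() != 0)
        return 0;                      /* already unprivileged */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    return setuid(0) == 0 ? -1 : 0;    /* must not be able to regain root */
}

/* Child-isolated; returns chroot()'s errno (0 = ok), -1 if fork/drop failed. */
int try_order(int jail_first, const char *dir, uid_t uid, gid_t gid)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int err = 0;
        if (!jail_first && drop_identity(uid, gid) != 0)
            _exit(255);
        if (chroot(dir) != 0 || chdir("/") != 0)
            err = errno;               /* EPERM once privileges are gone */
        if (jail_first && err == 0 && drop_identity(uid, gid) != 0)
            _exit(255);
        _exit(err);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    printf("identity first: %s\n", strerror(try_order(0, "/", 65534, 65534)));
    printf("jail first:     %s\n", strerror(try_order(1, "/", 65534, 65534)));
    return 0;
}
```

Started as root, only the jail-first order succeeds; started as an ordinary user, both orders report EPERM because chroot() is never permitted.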