Re: ftpsesame package

2017-04-12 Thread Stuart Henderson 
On 2017-04-12, Todd C. Miller  wrote:
> On Wed, 12 Apr 2017 21:27:49 +0200, Olivier Regnier wrote:
>
>> "ftpsesame chroots to "/var/empty" and changes to user "proxy" to drop 
>> privileges. It does keep a file descriptor to both bpf 
>> (4) and pf 
>> (4) so it is 
>> still very powerful."
>
> The "proxy" user was removed, that is almost certainly the problem.
> The port needs a patch to use "_ftp_proxy" instead.

Simplest quick workaround is to re-add the proxy user though. Run
vipw and add this:

proxy:*:71:71::0:0:Proxy Services:/nonexistent:/sbin/nologin

And add to /etc/group:

proxy:*:71:

Re: ftpsesame package

2017-04-12 Thread Todd C. Miller 
On Wed, 12 Apr 2017 21:27:49 +0200, Olivier Regnier wrote:

> "ftpsesame chroots to "/var/empty" and changes to user "proxy" to drop 
> privileges. It does keep a file descriptor to both bpf 
> (4) and pf 
> (4) so it is 
> still very powerful."

The "proxy" user was removed, that is almost certainly the problem.
The port needs a patch to use "_ftp_proxy" instead.

 - todd

ftpsesame package

2017-04-12 Thread Olivier Regnier 

I runs on single laptop with OpenBSD 6.0 and PF.

I use ftpsesame installed via package for FTP transactions and it works 
fine.


System was upgraded to 6.1 and ftpsesame don't work anymore.

When i run the following command:
$ doas ftpsesame -d -i trunk0

I have this error:
drop_privs: Undefine error:0

"ftpsesame chroots to "/var/empty" and changes to user "proxy" to drop 
privileges. It does keep a file descriptor to both bpf 
(4) and pf 
(4) so it is 
still very powerful."


Is there a solution to resolve this problem?

Regards,
Olivier