/ Bug 4295 – AllowChrootSymlinks off does not check entire DefaultRoot path for symlinks
Bug 4295 - AllowChrootSymlinks off does not check entire DefaultRoot path for symlinks
: AllowChrootSymlinks off does not check entire DefaultRoot path for symlinks
Status: CLOSED FIXED
Product: ProFTPD
mod_auth
: Git
: All All
: P3 normal
Assigned To: proftpd development group
:
: Backport
:
:
  Show dependency treegraph
 
Reported: 2017-03-06 17:34 UTC by TJ Saunders
Modified: 2017-04-10 03:23 UTC (History)
6 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description TJ Saunders 2017-03-06 17:34:55 UTC
The AllowChrootSymlinks directive can be used to prevent the use of symlinks as
DefaultRoot paths:

  http://www.proftpd.org/docs/modules/mod_auth.html#AllowChrootSymlinks

The functionality of "AllowChrootSymlinks off" was implemented using lstat(2),
which only checks if the _last component_ of the path is a symlink.  This
implementation allowed for earlier components in the path to be replaced with
symlinks.

Instead, the AllowChrootSymlinks implementation should check _every_ component
of the DefaultRoot to see if it is a symlink, and reduce a potential window of
symlink replacement races.
Comment 2 TJ Saunders 2017-04-09 20:27:54 UTC
This has been assigned CVE-2017-7418:

  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7418
Comment 3 TJ Saunders 2017-04-10 03:23:27 UTC
Resolved in 1.3.5e, 1.3.6.