Bugzilla – Bug 4295
AllowChrootSymlinks off does not check entire DefaultRoot path for symlinks
Last modified: 2017-04-10 03:23:27 UTC
The AllowChrootSymlinks directive can be used to prevent the use of symlinks as DefaultRoot paths:

http://www.proftpd.org/docs/modules/mod_auth.html#AllowChrootSymlinks

The functionality of "AllowChrootSymlinks off" was implemented using lstat(2), which only checks if the _last component_ of the path is a symlink. This implementation allowed for earlier components in the path to be replaced with symlinks.

Instead, the AllowChrootSymlinks implementation should check _every_ component of the DefaultRoot to see if it is a symlink, and reduce a potential window of symlink replacement races.
Fixed in master via:

https://github.com/proftpd/proftpd/commit/f59593e6ff730b832dbe8754916cb5c821db579f

and backported to the 1.3.5 branch:

https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed
This has been assigned CVE-2017-7418: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7418
Resolved in 1.3.5e, 1.3.6.
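
The difference between the two checks described in this report, as an added example that is not ProFTPD's code and not part of the original bug entry: a single lstat(2) on the full path versus lstat(2) on every prefix of it. The function names and the temporary directory layout are constructed for illustration.

```c
#define _XOPEN_SOURCE 700 /* lstat, symlink, mkdtemp, realpath */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak check: lstat(2) only describes the final path component. */
int last_is_symlink(const char *path) {
    struct stat st;
    return lstat(path, &st) < 0 ? -1 : (S_ISLNK(st.st_mode) ? 1 : 0);
}

/* lstat(2) every prefix of an absolute path: 1 = symlink found, 0 = none, -1 = error. */
int any_component_is_symlink(const char *path) {
    char buf[PATH_MAX];
    if (path[0] != '/' || snprintf(buf, sizeof(buf), "%s", path) >= (int)sizeof(buf)) return -1;
    for (char *p = buf + 1; ; p++) {
        if (*p != '/' && *p != '\0') continue;
        char saved = *p;
        *p = '\0';                  /* cut the path at this component */
        int r = last_is_symlink(buf);
        *p = saved;
        if (r != 0) return r;       /* symlink found, or lstat failed */
        if (saved == '\0') return 0;
    }
}

/* Constructed sample tree: <tmp>/root is a real directory, <tmp>/link -> ".".
 * Returns "<tmp>/link/root" (built once, then cached), or NULL on failure. */
const char *demo_path(void) {
    static char out[PATH_MAX + 16];
    char tmpl[] = "/tmp/chroot-demo-XXXXXX", base[PATH_MAX], p[PATH_MAX + 16];
    if (out[0]) return out;
    if (!mkdtemp(tmpl) || !realpath(tmpl, base)) return NULL;
    snprintf(p, sizeof(p), "%s/root", base);
    if (mkdir(p, 0700) < 0) return NULL;
    snprintf(p, sizeof(p), "%s/link", base);
    if (symlink(".", p) < 0) return NULL;
    snprintf(out, sizeof(out), "%s/link/root", base);
    return out;
}

int main(void) {
    const char *path = demo_path();
    if (!path) return 1;
    printf("last only: %d, every component: %d\n", last_is_symlink(path), any_component_is_symlink(path));
}
```

As with any check made before the path is used, the per-component walk narrows the window for symlink replacement rather than closing it, which is why the report speaks of reducing the race.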