Deny attempts to rename a file from guest users if the policy says they may not modify existing files through FTP.

Renaming a file is effectively a way to modify it.
For instance, if a malicious party is unable to delete or overwrite
a sensitive file, they can nevertheless rename it to a hidden name
and then upload a Trojan horse under the guise of the old file name.
This commit is contained in:
Yaroslav Tykhiy 2004-02-07 14:54:30 +00:00
parent 3f8b9cfe85
commit b943b3c4ae
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=125569

@ -2520,6 +2520,10 @@ renamefrom(char *name)
{
struct stat st;
if (guest && noguestmod) {
reply(550, "Operation not permitted");
return (NULL);
}
if (lstat(name, &st) < 0) {
perror_reply(550, name);
return ((char *)0);
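
Review bot: the new guard at the top of renamefrom() has no comment, so the reason a rename counts as a modification under noguestmod is recorded only in the commit message; a one-line comment above `if (guest && noguestmod) {` would keep that rationale with the code. The added block also returns `(NULL)` while the lstat() failure path directly below returns `((char *)0)`; using one spelling would keep the function consistent. Placing the check before lstat() is the right order, since the guest then gets the same 550 reply whether or not the name exists.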