mirror of
https://github.com/freebsd/freebsd-src
synced 2024-09-23 02:04:46 +00:00
Deny attempts to rename a file from guest users if the policy
says they may not modify existing files through FTP. Renaming a file is effectively a way to modify it. For instance, if a malicious party is unable to delete or overwrite a sensitive file, they can nevertheless rename it to a hidden name and then upload a troyan horse under the guise of the old file name.
This commit is contained in:
parent
3f8b9cfe85
commit
b943b3c4ae
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=125569
|
@ -2520,6 +2520,10 @@ renamefrom(char *name)
|
|||
{
|
||||
struct stat st;
|
||||
|
||||
if (guest && noguestmod) {
|
||||
reply(550, "Operation not permitted");
|
||||
return (NULL);
|
||||
}
|
||||
if (lstat(name, &st) < 0) {
|
||||
perror_reply(550, name);
|
||||
return ((char *)0);
|
||||
|
|
Loading…
Reference in a new issue