upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-09 08:43:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Deny attempts to rename a file from guest users if the policy

Browse source 
says they may not modify existing files through FTP.

Renaming a file is effectively a way to modify it.
For instance, if a malicious party is unable to delete or overwrite
a sensitive file, they can nevertheless rename it to a hidden name
and then upload a troyan horse under the guise of the old file name.
This commit is contained in:
Yaroslav Tykhiy 2004-02-07 14:54:30 +00:00
parent 3f8b9cfe85
commit b943b3c4ae
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
libexec/ftpd/ftpd.c
View file

@ -2520,6 +2520,10 @@ renamefrom(char *name)
{
struct stat st;
if (guest && noguestmod) {
reply(550, "Operation not permitted");
return (NULL);
}
if (lstat(name, &st) < 0) {
perror_reply(550, name);
return ((char *)0);