29639 – net-ftp/proftpd -- multiple problems with Hide* and *Fake* directives

Bug 29639 - net-ftp/proftpd -- multiple problems with Hide* and *Fake* directives

Summary: net-ftp/proftpd -- multiple problems with Hide* and *Fake* directives

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	High major (vote)
Assignee:	Nick Hadaway

URL:	http://www.gg3.net/~chutz/bugs/
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2003-09-25 23:24 UTC by Georgi Georgiev
Modified:	2003-10-15 22:57 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Georgi Georgiev 2003-09-25 23:24:29 UTC

I am running proftpd-1.2.9_rc2 with the options DirFakeUser and DirFakeGroup set to "on". However, if the client issues the command "LIST -sometext" the real user and groups are returned in the listing.

DirFakeGroup            on
DirFakeUser             on
DirFakeMode             0640

I also use the options

HideNoAccess            on
HideUser                noaccess
HideGroup               noaccess

and they worked fine with proftpd-1.2.9_rc1, but proftpd-1.2.9_rc2 broke them.

Here is sample output of a session when connected to the machine in question:

$ ncftp tiger
NcFTP 3.1.5 (Oct 13, 2002) by Mike Gleason (ncftp@ncftp.com).
Connecting to 10.0.0.9...                                                                  
Hello!
ProFTPD 1.2.9rc2 Server (ProFTPD) [tiger]
Logging in...                                                                              
Anonymous access granted, restrictions apply.
Logged in to tiger.                                                                        
ncftp / > dir
drwxr-x--x   3 ftp      ftp         4096   Jan 13  2003   data
drwxr-xr-x  35 ftp      ftp         4096   Sep  9 16:50   home
drwx------   2 ftp      ftp        16384   Dec  7  2002   lost+found
drwxr-s---   5 ftp      ftp         4096   May  8 18:07   non-anon
drwxr-x---   5 ftp      ftp         4096   Apr 23 17:10   pub
drwxr-x---   4 ftp      ftp         4096   Sep 18 03:12   upload
drwxr-xr-x   8 ftp      ftp         4096   Jun 15 07:24   www
ncftp / > dir -?
drwxr-x--x   3 noaccess users        4096 Jan 13  2003 data
drwxr-xr-x  35 root     root         4096 Sep  9 16:50 home
drwx------   2 root     root        16384 Dec  7  2002 lost+found
drwxr-s---   5 root     users        4096 May  8 18:07 non-anon
drwxr-x---   5 root     root         4096 Apr 23 17:10 pub
drwxr-x---   4 ftp      ftp          4096 Sep 18 03:12 upload
drwxr-xr-x   8 root     users        4096 Jun 15 07:24 www

Compare this with (hint: pay attention to the version):

$ ncftp tiger
NcFTP 3.1.5 (Oct 13, 2002) by Mike Gleason (ncftp@ncftp.com).
Connecting to 10.0.0.9...                                                                  
Hello!
ProFTPD 1.2.9rc1 Server (ProFTPD) [tiger]
Logging in...                                                                              
Anonymous access granted, restrictions apply.
Logged in to tiger.                                                                        
ncftp / > dir
drwxr-x---  35 ftp      ftp         4096   Sep  9 16:50   home
drwxr-x---   5 ftp      ftp         4096   Apr 23 17:10   pub
drwxr-x---   4 ftp      ftp         4096   Sep 18 03:12   upload
drwxr-x---   8 ftp      ftp         4096   Jun 15 07:24   www
ncftp / > dir -?
drwxr-x---  35 ftp      ftp          4096 Sep  9 16:50 home
drwxr-x---   5 ftp      ftp          4096 Apr 23 17:10 pub
drwxr-x---   4 ftp      ftp          4096 Sep 18 03:12 upload
drwxr-x---   8 ftp      ftp          4096 Jun 15 07:24 www
ncftp / > 

and this is the real situation:

$ ls -l
total 40
drwxr-x--x    3 noaccess users        4096 Jan 14  2003 data
drwxr-xr-x   35 root     root         4096 Sep 10 01:50 home
drwx------    2 root     root        16384 Dec  7  2002 lost+found
drwxr-s---    5 root     users        4096 May  9 03:07 non-anon
drwxr-xr-x    5 root     root         4096 Apr 24 02:10 pub
drwxrwxrwt    4 ftp      ftp          4096 Sep 18 12:12 upload
drwxr-xr-x    8 root     users        4096 Jun 15 16:24 www

The problems with 1.2.9_rc2 are numerous:

1. The "non-anon" directory is not hidden as per request to the "HideNoAccess on" directive.

2. The "data" directory is not hidden as per "HideUser noaccess"

3. The "www" and "pub" directories should be displayed with the same permissions (faked to 0640 or maybe 0750).

4. All directories should be shown with the same permissions, as per DirFakeMode 0640.

5. The second list should not return the real users and groups.

I guess this should be sent directly upstream.

Comment 1 Georgi Georgiev 2003-09-26 06:09:27 UTC

The bug is already reported to proftpd.

http://bugs.proftpd.org/show_bug.cgi?id=2183

Comment 2 solar (RETIRED) gentoo-dev

2003-10-13 09:18:09 UTC

Nick, 
I'll get the jump on you here and add TJ Saunders directive lookup code patch
to proftpd as ~arch -r1 which should fix this problem.

Georgi,
Please test so we can push this one to stable.

Comment 3 Georgi Georgiev 2003-10-13 10:47:58 UTC

Looks good.

ncftp / > dir
drwxr-x---  35 ftp      ftp         4096   Sep  9 16:50   home
drwxr-x---   5 ftp      ftp         4096   Apr 23 17:10   pub
drwxr-x---   4 ftp      ftp         4096   Oct  6 15:25   upload
drwxr-x---   8 ftp      ftp         4096   Jun 15 07:24   www
ncftp / > dir -?
drwxr-x---  35 ftp      ftp          4096 Sep  9 16:50 home
drwxr-x---   5 ftp      ftp          4096 Apr 23 17:10 pub
drwxr-x---   4 ftp      ftp          4096 Oct  6 15:25 upload
drwxr-x---   8 ftp      ftp          4096 Jun 15 07:24 www

Comment 4 Nick Hadaway 2003-10-15 22:57:30 UTC

proftpd-1.2.9_rc3 is now in portage which should address this problem.