Thanks to visit codestin.com
Credit goes to github.com

Skip to content

lock chroot #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
addrummond merged 1 commit into from
Jan 31, 2014
Merged

lock chroot #9

addrummond merged 1 commit into from
Jan 31, 2014

Conversation

@asylumfunk
Copy link
Collaborator

@asylumfunk asylumfunk commented Jan 31, 2014

prevent breach even with relative path for getInitialCwd

@asylumfunk
lock chroot
44ec521 
prevent breach even with relative path for getInitialCwd

fix #9
addrummond added a commit that referenced this pull request Jan 31, 2014
@addrummond
Merge pull request #9 from asylumfunk/issue/9
3464b3f 
lock chroot
@addrummond addrummond merged commit 3464b3f into nodeftpd:master Jan 31, 2014
@asylumfunk asylumfunk deleted the issue/9 branch January 31, 2014 02:23
@asylumfunk
Copy link
Collaborator Author

asylumfunk commented Jan 31, 2014

Thanks again!

@asylumfunk asylumfunk mentioned this pull request Mar 7, 2014
Closed
asylumfunk added a commit to asylumfunk/nodeftpd that referenced this pull request Mar 7, 2014
@asylumfunk
Confine MDTM request to files in CHROOT jail
322cf37 
This commit properly resolves MDTM request filenames to locations within
the CHROOT jail. Previously, requests were made relative to the
filesystem root (/), instead of the server root (/srv/files/from/here).

This allowed users to request MDTM on potentially sensitive files
(/root, /home), while simultaneously denying legitimate requests within
the shared directory.

Note: all filesystem calls *must* be joined with the path to the server
root (pathModule.join(self.root, filename)).

fix #28
ref nodeftpd@57a9e5f
ref nodeftpd#5
ref nodeftpd#9
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@asylumfunk @addrummond