PureFTPD virtual chroot
PureFTPD has a feature called “virtual chroot”, where it will mimic a chroot by its own means, but without using the chroot() system call.
An excerpt from the PureFTPD FAQ:
– The ‘virtual chroot’ implementation. With that feature, users can
follow all symbolic links, even when they don’t point inside the jail. This
is very handy to set up directories shared by multiple users. Binary
packages are compiled with virtual chroot by default.To enable the virtual chroot feature when you are compiling the server, use
the —with-virtualchroot with ./configure . If you want a restricted chroot,
don’t include —with-virtualchroot.Please note that the FTP server will never let people create new symbolic
links. Symbolic links have to be already there to be followed. Or if your
users can create symbolic links through Perl or PHP scripts, your hosting
platform is really badly configured. People can install any web file
browser, they don’t need FTP to look at your system files. Recompile PHP
without POSIX functions and run all Perl scripts chrooted.
This feature is turned on by default in the FreeBSD ports.
Jos sent in a comment to the ports maintainer of pureftpd noting the above problem and today they have made this selectable when compiling the package.
Freshports commit message and direct link to CVS.
Posted 2009/11/30 14:51 by alex
Comments
← Grow FreeBSD UFS filesystem on VmWare HDDs FreeBSD LD_PRELOAD security fault →
Gardener Says:
thanks, good article.
Cartier cell phone strap Says:
Please note that the FTP server will never let people create new symbolic
links. Symbolic links have to be already there to be followed. Or if your
users can create symbolic links through Perl or PHP scripts, your hosting
platform is really badly configured. People can install any web file
replica YSL scarf Says:
This article is very good, very appealing. Affects every reader chord, hoping to share with you the exchange. Thank articles.
discount OKey sunglasses Says:
This article is very good, very appealing. Affects every reader chord, hoping to share with you the exchange. Thank articles.
Piaget usa watches Says:
This article is really good, very appealing. Hope I can talk to you, thank you for your articles
discount Police sunglasses Says:
Articles are moving every reader with heart, and full of appeal. Let us have to admire, thank your article!
Spain Longines watches Says:
Thank you! I LOVE this. I made one. I use it all the time. I will be posting a picture of mine and providing a link on my blog.
cheap Lolita coats Says:
you are seriously number a person admin your running a blog is wonderful i continually examine your webpage i’m positive you is going to be the very best
athletic clothing Says:
nice post