pureftpd - Problem (OR bug)?

Discussion in 'General' started by themark, Nov 20, 2015.

  1. themark

    themark Member


    actually we have found that making a symbolic link into one of the website that point outside the website chroot (example mylink -> / of the server), the FTP account follows that link, and let the customer to browse the ftp tree outside the chroot (for example I was able to upload some stuff on /tmp and /var/tmp directory).

    Obviously that file are written as the ftp user, but however i'm not sure that this is an expected behavior (eg. pureftpd is compiled with --with-virtualchroot capabilities on?).

    Can you let us know?
    Thank you
  2. VegasTech

    VegasTech New Member

    That's unsettling to know.
  3. themark

    themark Member

    Yes could be unsettling or not at this time.
    I'm not sure if the permission here on ispconfig 3 are described to safe also this particular condition or not. Is for that, that i have opened a ticket, in order to have some confirmation...
  4. themark

    themark Member

    mmmmh..... bump!
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    You posted above that you wanted to contact the pure-ftpd developers and ask them why their chroot includes other directories. So what did they say?
  6. themark

    themark Member

    Sorry for the misunderstand, but, the ticket mentioned above from me, it's this thread. I have nothing to ask to pureftpd, because i'm pretty sure that "--with-virtualchroot" means that pureftpd can follows the symbolic link.

    So, my only question is if the ispconfig installation, is aware of that, and if is a stuff that we can leave run like that....

    thank you
  7. till

    till Super Moderator Staff Member ISPConfig Developer

Share This Page