bugzilla-daemon at mindrot.org
2004-Dec-06 06:13 UTC
[Bug 934] Traverse-only directories (e.g. chmod 110) break the cd command in sftp
http://bugzilla.mindrot.org/show_bug.cgi?id=934 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Component|sftp-server |sftp Version|3.6.1p2 |-current ------- Additional Comments From djm at mindrot.org 2004-12-06 17:13 ------- Yes, this problem is known (it is actually in the client) but is a little tricky to fix. Basically the sftp client does a realpath() to verify that a path is accessible and to change relative paths into absolute ones, but realpath breaks on traverse only directories. The solution is to modify the client to fall back to doing a stat() on the path when the realpath() fails. The client can then just continue, using a relative path. This isn't particularly nice either, because it adds another round-trip for each "cd" command (only on realpath error though) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Dec-11 14:21 UTC
[Bug 934] Traverse-only directories (e.g. chmod 110) break the cd command in sftp
http://bugzilla.mindrot.org/show_bug.cgi?id=934 ------- Additional Comments From mgjk at idirect.com 2004-12-12 01:21 ------- That's makes sense, so realpath() breaks in sftp-server because sftp-server is running as the user, whereas FTP servers are not quite so diligent about security? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Dec-11 22:13 UTC
[Bug 934] Traverse-only directories (e.g. chmod 110) break the cd command in sftp
http://bugzilla.mindrot.org/show_bug.cgi?id=934 ------- Additional Comments From djm at mindrot.org 2004-12-12 09:13 ------- Not quite: most ftp server can actually do a chdir() to set the current working directory. The sftp protocol doesn't even have the concept of a "current working directory", so our implementation uses realpath() to convert between the paths that the user types (which may be relative) and absolute filesystem paths. This conversion isn't 100% necessary, and it may be possible to skip it in some cases - e.g. when realpath() fails ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Possibly Parallel Threads
- [Bug 934] Traverse-only directories (e.g. chmod 110) break the cd command in sftp
- [Bug 934] Traverse-only directories (e.g. chmod 110) break the cd command in sftp
- [Bug 934] Traverse-only directories (e.g. chmod 110) break the cd command in sftp
- [Bug 934] Traverse-only directories (e.g. chmod 110) break the cd command in sftp
- FreeBSD Security Advisory FreeBSD-SA-03:08.realpath [REVISED]