Closed Bug 322487 Opened 19 years ago Closed 19 years ago

"Higher directory" is navigable for chrooted user

Categories

(Firefox :: Security, defect)

x86
Windows XP
defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 322483

People

(Reporter: lnahlik, Unassigned)

References

()

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5

This is an ftp app we would like to release. The ftp server is AIX 5.3. The user is given an Rsh shell, and home dir is /home/user/./ (chroot). The URL in the form above works fine in Netscape 7.1 and IE 6.0. In Firefox 1.5, the parent directory is visible as a "Higher Directory."

If I restrict the parent on the server with 'chmod o-r dir' (remove read access), then one of two things happens:

1) I can still navigate up through the parent. As expected, no files are visible, but I can proceed through to the root dir / and navigate back down to any dir that allows read.
2) A dialog box: "550: The getwd subroutine failed."

I would like to see chrooted users restricted, unable to cd out of their home dir.

Reproducible: Always

Steps to Reproduce:
1. Simply use an address in the form above.
2.
3.

Actual Results: described in details above.

*** This bug has been marked as a duplicate of 322483 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Group: security