"Higher directory" is navigable for chrooted user

RESOLVED DUPLICATE of bug 322483

Status

()

Firefox
Security
RESOLVED DUPLICATE of bug 322483
13 years ago
13 years ago

People

(Reporter: lnahlik, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

13 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5

This is an ftp app we would like to release.  The ftp server is AIX 5.3.  The user is given an Rsh shell, and home dir is /home/user/./ (chroot).  The URL in the form above works fine In Netscape 7.1 and IE 6.0.  In Firefox 1.5, the parent directory is visible as a "Higher Directory."  If I restrict the parent on the server with 'chmod o-r dir' (remove read access), then one of two things happens:
1) I can still navigate up through the parent. As expected, no files are visible, but I can proceed through to the root dir / and navigate back down to any dir that allows read.
2)A dialog box: "550: The getwd subroutine failed."

I would like to see chrooted users restricted, unable to cd out of their home dir.

Reproducible: Always

Steps to Reproduce:
1. Simply use an address in the form above.
2.
3.

Actual Results:  
described in details above.

*** This bug has been marked as a duplicate of 322483 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → DUPLICATE
Group: security
You need to log in before you can comment on or make changes to this bug.