Closed Bug 322487 Opened 19 years ago Closed 19 years ago

"Higher directory" is navigable for chrooted user

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 322483

People

(Reporter: lnahlik, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5

This is an ftp app we would like to release.  The ftp server is AIX 5.3.  The user is given an Rsh shell, and home dir is /home/user/./ (chroot).  The URL in the form above works fine In Netscape 7.1 and IE 6.0.  In Firefox 1.5, the parent directory is visible as a "Higher Directory."  If I restrict the parent on the server with 'chmod o-r dir' (remove read access), then one of two things happens:
1) I can still navigate up through the parent. As expected, no files are visible, but I can proceed through to the root dir / and navigate back down to any dir that allows read.
2)A dialog box: "550: The getwd subroutine failed."

I would like to see chrooted users restricted, unable to cd out of their home dir.

Reproducible: Always

Steps to Reproduce:
1. Simply use an address in the form above.
2.
3.

Actual Results:  
described in details above.

*** This bug has been marked as a duplicate of 322483 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Group: security
You need to log in before you can comment on or make changes to this bug.