Closed
Bug 322487
Opened 19 years ago
Closed 19 years ago
"Higher directory" is navigable for chrooted user
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 322483
People
(Reporter: lnahlik, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
This is an ftp app we would like to release. The ftp server is AIX 5.3. The user is given an Rsh shell, and home dir is /home/user/./ (chroot). The URL in the form above works fine In Netscape 7.1 and IE 6.0. In Firefox 1.5, the parent directory is visible as a "Higher Directory." If I restrict the parent on the server with 'chmod o-r dir' (remove read access), then one of two things happens:
1) I can still navigate up through the parent. As expected, no files are visible, but I can proceed through to the root dir / and navigate back down to any dir that allows read.
2)A dialog box: "550: The getwd subroutine failed."
I would like to see chrooted users restricted, unable to cd out of their home dir.
Reproducible: Always
Steps to Reproduce:
1. Simply use an address in the form above.
2.
3.
Actual Results:
described in details above.
Comment 1•19 years ago
|
||
*** This bug has been marked as a duplicate of 322483 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Updated•19 years ago
|
Group: security
You need to log in
before you can comment on or make changes to this bug.
Description
•