[comp.bugs.4bsd] ftpd security bug revisited: patches for 4.2bsd

pst@comdesign.cdi.com (Paul Traina) (11/17/88)

After the recent scares, I went back to install the fixes for 4bsd ftpd.
UCB was kind enough to supply source code for all of ftpd,  however it
was for 4.3bsd.  I think I've patched the ftpd source for 4.2 compatibility,
but I'd like to make sure that I didn't do anything stupid.  If there's
anyone out there who'd like to look at this / try it,  I'd appreciate it.

Disclaimer: I *think* it works right,  but don't bet your life on it.

The following trivial changes were made to ftpd & popen.  I can't be sure
I did everything right, because I don't have 4.3 documentation,  but ...
chances are it's right.

	ftpd:		fixed for 4.2bsd syslog() - openlog call
			removed check of /etc/shells (getusershell/endusershell)

	popen:		uid_t doesn't exist in 4.2 sys/types, looked like it
			  should be sizeof() return of vfork (size of a pid),
			  so I typedef'ed to int.

Here's a shar with the diffs to these two files.  My base was the ftpd
package source posted by Keith Bostic a few weeks ago.

#! /bin/sh
# This is a shell archive.  Remove anything before this line, then unpack
# it by saving it into a file and typing "sh file".  To overwrite existing
# files, type "sh file -c".  You can also feed this as standard input via
# unshar, or by typing "sh <file", e.g..  If this archive is complete, you
# will see the following message at the end:
#		"End of shell archive."
# Contents:  ftpd.diff popen.diff
# Wrapped by pst@comdesign on Wed Nov 16 11:33:14 1988
PATH=/bin:/usr/bin:/usr/ucb ; export PATH
if test -f 'ftpd.diff' -a "${1}" != "-c" ; then 
  echo shar: Will not clobber existing file \"'ftpd.diff'\"
else
echo shar: Extracting \"'ftpd.diff'\" \(1145 characters\)
sed "s/^X//" >'ftpd.diff' <<'END_OF_FILE'
X*** ftpd.c.ucb	Wed Nov 16 11:02:31 1988
X--- ftpd.c	Wed Nov 16 11:20:44 1988
X***************
X*** 128,134 ****
X  	}
X  	data_source.sin_port = htons(ntohs(ctrl_addr.sin_port) - 1);
X  	debug = 0;
X! 	openlog("ftpd", LOG_PID, LOG_DAEMON);
X  	argc--, argv++;
X  	while (argc > 0 && *argv[0] == '-') {
X  		for (cp = &argv[0][1]; *cp; cp++) switch (*cp) {
X--- 128,134 ----
X  	}
X  	data_source.sin_port = htons(ntohs(ctrl_addr.sin_port) - 1);
X  	debug = 0;
X! 	openlog("ftpd", LOG_PID);		/* pst modified for 4.2syslog */
X  	argc--, argv++;
X  	while (argc > 0 && *argv[0] == '-') {
X  		for (cp = &argv[0][1]; *cp; cp++) switch (*cp) {
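Review bot: the replacement call at line 131, `openlog("ftpd", LOG_PID);`, drops the `LOG_DAEMON` argument unconditionally, which makes the patched file 4.2-only and removes the facility from ftpd's log entries. Consider selecting the call with `#ifdef LOG_DAEMON` (three-argument form when it is defined, two-argument form otherwise) so one source builds on both systems and the 4.3 behaviour is preserved where available.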
X***************
X*** 842,847 ****
X--- 842,850 ----
X  		return (0);
X  	if ((shell = p->pw_shell) == NULL || *shell == 0)
X  		shell = "/bin/sh";
X+ 
X+ /* pst - 4.2bsd doesn't support /etc/shells */
X+ #ifdef notdef
X  	while ((cp = getusershell()) != NULL)
X  		if (strcmp(cp, shell) == 0)
X  			break;
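Review bot: the `#ifdef notdef` added ahead of the `getusershell()` loop compiles out the comparison of `shell` against the valid-shell list, so an account whose `pw_shell` is not a normal login shell is no longer refused at this point. Rather than dropping the check on systems without /etc/shells, consider comparing `shell` against a short built-in list (for example `/bin/sh` and `/bin/csh`), and guard the 4.3 code with a descriptive symbol instead of `notdef` so it can be re-enabled at build time.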
X***************
X*** 848,853 ****
X--- 851,858 ----
X  	endusershell();
X  	if (cp == NULL)
X  		return (0);
X+ #endif
X+ 
X  	if ((fd = fopen(FTPUSERS, "r")) == NULL)
X  		return (1);
X  	while (fgets(line, sizeof (line), fd) != NULL) {
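Review bot: once the block closed by the new `#endif` is compiled out, the `FTPUSERS` lookup in the trailing context is the only remaining gate in the visible code, and `if ((fd = fopen(FTPUSERS, "r")) == NULL) return (1);` accepts the user when that file cannot be opened. The notes for this 4.2 port should state that the ftpusers file must exist and must list every account the shell check used to keep out; a trailing comment on the `#endif` naming its matching `#ifdef` would also make the disabled region easier to spot.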
END_OF_FILE
if test 1145 -ne `wc -c <'ftpd.diff'`; then
    echo shar: \"'ftpd.diff'\" unpacked with wrong size!
fi
# end of 'ftpd.diff'
fi
if test -f 'popen.diff' -a "${1}" != "-c" ; then 
  echo shar: Will not clobber existing file \"'popen.diff'\"
else
echo shar: Extracting \"'popen.diff'\" \(269 characters\)
sed "s/^X//" >'popen.diff' <<'END_OF_FILE'
X*** popen.c.ucb	Wed Nov 16 11:22:05 1988
X--- popen.c	Wed Nov 16 11:11:43 1988
X***************
X*** 34,39 ****
X--- 34,41 ----
X   * command.
X   */
X  
X+ typedef int uid_t;	/* pst 4.2bsd addition, it should be in sys/types.h */
X+ 
X  static uid_t *pids;
X  static int fds;
X  
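Review bot: the added `typedef int uid_t;` is unconditional and exists only so that `static uid_t *pids;` compiles, yet by its name that array holds process ids rather than user ids. Declaring it as `static int *pids;` would avoid introducing a file-local `uid_t` that will clash with any header defining the type at a different width; if the typedef stays, put it under a 4.2-only `#ifdef`.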
END_OF_FILE
if test 269 -ne `wc -c <'popen.diff'`; then
    echo shar: \"'popen.diff'\" unpacked with wrong size!
fi
# end of 'popen.diff'
fi
echo shar: End of shell archive.
exit 0

------
Paul Traina				To believe that what is true for
{uunet|pyramid}!comdesign!pst		you in your private heart is true
pst@cdi.com				for all men, that is genius.

rds95@leah.Albany.Edu (Robert Seals) (11/18/88)

In article <565@comdesign.CDI.COM>, pst@comdesign.cdi.com (Paul Traina) writes:
> UCB was kind enough to supply source code for all of ftpd,  however it
> was for 4.3bsd.  I think I've patched the ftpd source for 4.2 compatibility,
> but I'd like to make sure that I didn't do anything stupid.  If there's

Ditto, except for Ultrix 1.2 and 2.2 (they involved the same changes).

> 	popen:		uid_t doesn't exist in 4.2 sys/types, looked like it
> 			  should be sizeof() return of vfork (size of a pid),
> 			  so I typedef'ed to int.

I peeked at 4.3's sys/types.h, and it claimed u_short, so I put it in mine,
too.

The resulting thing seems to work. Is it more secure than the old version?
Beats me!! Does it REALLY work? Beats me!!

> Paul Traina				To believe that what is true for

rob

rds95@leah.Albany.Edu (Robert Seals) (11/18/88)

In article <565@comdesign.CDI.COM>, pst@comdesign.cdi.com (Paul Traina) writes:
> Disclaimer: I *think* it works right,  but don't bet your life on it.

I agree, after trying to patch my Ultrix system. But, now in 
/usr/spool/mqueue/syslog, I periodically get messages like this:

Nov 16 10:55:03 localhost: 19621 ftpd: ioctl: Operation not supported on socket

Should I be frightened? Concerned? Amused? Go back to the orig?

rob