Bug#796233: proftpd-basic: Aborting ftpasswd leaves passwd with world-readable permissions

Hilmar Preuße hille42 at web.de
Fri Mar 3 20:37:46 UTC 2017


tag 796233 + fixed-upstream
# 1.3.6rc2
stop

On 20.08.2015 15:25, Fabian Schlager wrote:

Hi,

> When running ftpasswd (see [0] for the exact call), the script will
> change the permissions of the passwd file to 0644 before prompting for a
> password. Aborting it at the password prompt will cause the permissions
> to _NOT_ be changed back to 0440.
> 
I notice the following code in ftpasswd from 1.3.6rc2:

    # Install a SIGINT handler, for cases where Ctrl-C may be used to abort
    # the prompt.
    $SIG{INT} = sub {
      # Restore the file permissions.
      unless (chmod(0440, $output_file)) {
        print STDERR "$program: unable to set permissions on
$output_file: $!";
      }

      # Restore the terminal echo behavior, too.
      system "stty echo";

      exit 1;
    };

I guess this solves your problem, I tag that bug as fixed in upstream.

Hilmar
-- 
http://www.hilmar-preusse.de.vu/   #206401 http://counter.li.org



More information about the Pkg-proftpd-maintainers mailing list